[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Encrypted Passwords



Michael Ströder <michael@stroeder.com> writes:

> Thomas Gagne wrote:
> > 
> > When you do basic authentication on a web server, the password arrives in the
> > CGI script encrypted.
> 
> No, unless the web server and the client are doing digest
> authentication which is very unlikely.

IIRC, it travels base64-encoded in the request header, but is
otherwise in the clear.

Julio