Michael Ströder <michael@stroeder.com> writes: > Thomas Gagne wrote: > > > > When you do basic authentication on a web server, the password arrives in the > > CGI script encrypted. > > No, unless the web server and the client are doing digest > authentication which is very unlikely. IIRC, it travels base64-encoded in the request header, but is otherwise in the clear. Julio