On Tuesday, January 06, 2004 10:47 AM EDT, Elliotte Rusty Harold wrote:

> Why not? Also a good question. I think it's mostly a matter of
> history and unfamiliarity with the design and technology of the Web,
> as well as inertia.

Hello Harold:

In addition to HTTP authentication not being deployed due to lack of
popularity or experience with it, there are the recent "phishing"
exploits publicized, with warnings published by E-Week:

http://www.eweek.com/article2/0,4149,1409700,00.asp
http://www.eweek.com/article2/0,4149,1399670,00.asp

and Microsoft:

http://support.microsoft.com/?id=833786

This will not promote usage of a technology when you are warned about
its use (quoted from the above Microsoft Knowledge Base Article):

"The following list shows some of the characters that may appear in a
URL that could lead to a spoofed Web site:
%00
%01
@"

Made me have second thoughts about deploying HTTP authentication. Shame
we have to deal with this.

Regards,
Ralph
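
A defensive check for the URL pattern the quoted Knowledge Base text warns about, added here as an example and not part of the original message or the Microsoft article: it reports the host a URL actually connects to and flags userinfo before "@" as well as percent-encoded control characters such as %00 and %01. The function name, finding labels and sample URLs are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, unquote

# Percent-encoded control characters (%00-%1F and %7F); the quoted
# Knowledge Base text names %00 and %01.
ENCODED_CTRL = re.compile(r"%(?:[01][0-9A-Fa-f]|7[Ff])")
# Userinfo that reads like a host name, e.g. "www.example.com".
HOSTLIKE = re.compile(r"^(?:[A-Za-z0-9-]+\.)+[A-Za-z]{2,}$")


def inspect_url(url):
    """Return (real_host, findings) for a URL (hypothetical helper)."""
    parts = urlsplit(url)
    findings = []
    # The host is whatever follows the LAST "@" in the authority part.
    real_host = parts.hostname or ""
    userinfo, at, _ = parts.netloc.rpartition("@")
    if at:
        findings.append("userinfo-present")
        # Decode the user name and drop control characters to get the
        # text a reader would take for the site name.
        user = unquote(userinfo.split(":", 1)[0])
        visible = re.sub(r"[\x00-\x1f\x7f]", "", user)
        if HOSTLIKE.match(visible) and visible.lower() != real_host:
            findings.append("userinfo-looks-like-host")
    if ENCODED_CTRL.search(url):
        findings.append("encoded-control-char")
    return real_host, findings


# Constructed sample URLs using reserved example names and addresses.
SAMPLES = [
    "http://www.example.com/account",
    "http://alice@intranet.example/",
    "http://www.example.com%01@192.0.2.10/login",
    "http://www.example.com%00@192.0.2.10/login",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        host, found = inspect_url(sample)
        print(f"{sample}\n  connects to: {host}\n  findings: {found or 'none'}")
```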