Bugtraq mailing list archives
Re: Intacct.com: Multiple bugs at financial services company
From: Aaron Bentley <abentley () PANORAMICFEEDBACK COM>
Date: Wed, 6 Sep 2000 13:23:43 -0400
On Wed, 6 Sep 2000, Chris L. Mason wrote:
I think there's a solution to this "problem" that is far too often overlooked. More sites simply need to start using HTTP Basic Access Authentication. This is the mechanism that causes those a "pop-up" box to appear where the user must enter their username and password.
Hi, We use Basic Authenication on our site. Here's some extra comments: 1. If you ask it to, Internet Explorer will cache the password indefinitely 2. The username is cached. It's very tricky to allow users to change their username without restarting their browser 3. Proxy servers can interfere with http authetication. When your web site doesn't work, they'll blame you, not themselves. 4. It's harder to detect dictionary attacks on your web site, since http auth is usually handled at the server level, not the CGI level. Aaron Aaron Bentley Manager of Information Technology PanoMetrics, Inc.
Current thread:
- Re: Intacct.com: Multiple bugs at financial services company Nagi Prabhu (Sep 05)
- Re: Intacct.com: Multiple bugs at financial services company Jeffrey W. Baker (Sep 05)
- Re: Intacct.com: Multiple bugs at financial services company Chris L. Mason (Sep 06)
- Re: Intacct.com: Multiple bugs at financial services company Peter W (Sep 06)
- Re: Intacct.com: Multiple bugs at financial services company Alan DeKok (Sep 06)
- Re: Intacct.com: Multiple bugs at financial services company Andrew Pimlott (Sep 06)
- Re: Intacct.com: Multiple bugs at financial services company Aaron Bentley (Sep 06)
- Re: Intacct.com: Multiple bugs at financial services company Rob Mayoff (Sep 06)
- Re: Intacct.com: Multiple bugs at financial services company Matt Power (Sep 06)
- Re: Intacct.com: Multiple bugs at financial services company Chris L. Mason (Sep 06)
- Re: Intacct.com: Multiple bugs at financial services company Ryan Russell (Sep 05)
- <Possible follow-ups>
- Re: Intacct.com: Multiple bugs at financial services company Smith, Eric V. (Sep 07)
- Re: Intacct.com: Multiple bugs at financial services company Jeffrey W. Baker (Sep 05)