FYI - member area - username:[email protected]

  • seanf
    replied
    Originally posted by jibious
    ... this is non-RFC ...
    If you actually read the RFC you'll see that it is not recommended:

    Some URL schemes use the format "user:password" in the userinfo field. This practice is NOT RECOMMENDED, because the passing of authentication information in clear text (such as URI) has proven to be a security risk in almost every case where it has been used.
    Sean


  • jibious
    replied
    i guess it's okay to write a bug fix that's against RFC standards... and hey, it only took them six months to put this fix out.

    i just think they could have done a lot more in that six months to actually FIX the issue and not create a new one (one of RFC compliancy).

    personally, i liked the feature. but on username[email protected] sites, you were not able to save images as .jpg files (yes, i used to look at porn). every other browser, you could. it's just been bad coding on their part in this aspect for some years now...


  • filburt1
    replied
    Originally posted by Stadler
    Ugh, this is a poor fix IMHO. Is M$ so unfit to fix such a bug, so that they apply such a crappy workaround?
    It's not fixing a bug, it is protecting users from their own dangerous behavior: saving passwords in plain text (the equivalent of security suicide) and deceptive links.

    I have never--NEVER--had a need to use the username[email protected] method of logging into a site.

    I also have a hard time taking people seriously who spell Microsoft or MS with a dollar sign.

    Besides, this is not a debate for Microsoft's security responses; the warning, such as it is, about the Member's Area has been posted and is over with.


  • DWZ
    replied
    There are times when I'm on a secure website which requires me to go another secure website so it gives the login/password in the form of http://username[email protected]/ to save me having to type in the login and password.

    Whilst Microsoft may think it, I'm not an idiot and realize http://mybank.com/info:[email protected]/ is not the best place to confirm my login information when I'm sent a spam email....


  • Stadler
    replied
    The fix is crappy. I didn't say, that it's a good idea to store any passwords in plain text.


  • merk
    replied
    Why is it crappy? You're storing your password data in plain text!

    At least let the window pop up and choose "save password" so it is stored in a safer protected area on your harddrive!

    Good move for microsoft, imo - having people spoof urls around that look like they come from proper domains really sucks.

    Not a reason to switch browsers, there are other better (more secure) solutions available for password management.


  • Stadler
    replied
    Ugh, this is a poor fix IMHO. Is M$ so unfit to fix such a bug, so that they apply such a crappy workaround?


  • DWZ
    replied
    Yes, I read in the news that Microsoft was planning on doing this. Then one day I went to Windows Updates and got a whole lot of critical updates to find that one of them removed the username[email protected] feature, which is, well, annoying.

    I ended up finding a registry "fix" that reversed the problem.


  • Floris
    replied
    With that many security issues with Microsoft products .. I don't feel safe putting my favorite .html file full with user[email protected] information


  • Thomas P
    replied
    Hmmm, isn't there a https access to the member site?


  • filburt1
    replied
    Microsoft made the change to stop spoofers from tricking unsuspecting users into giving up personal information on normally trusted sites. I would hardly consider it a reason to switch to Firefox if the user is already comfortable with IE.


  • jibious
    started a topic FYI - member area - username:[email protected]

    just an FYI for IE6SP1 users who updated the latest Microsoft patches (specifically MS04-007, i believe - the ASN.1 vulnerability)

    http://username[email protected]/members/ will no longer work, as username[email protected] is no longer being passed over on URLs. this is non-RFC, so you MIGHT expect a fix one day or the other from microsoft. this would affect any 'Favorites' or links that you click on that are formatted this way.

    i would suggest installing Mozilla Firefox v0.8 and using it for now.
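
An added example, not part of any post in this thread: a small Python check that scans saved links (Favorites, page source, mail bodies) for the userinfo form discussed above and reports the host the browser would really contact. The sample URLs, the `.example` names and the function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Constructed sample: links as they might appear in an exported Favorites file.
SAMPLE = """\
http://username:password@members.example/members/
http://www.mybank.example:login@203.0.113.7/confirm
https://members.example/members/
"""

URL_RE = re.compile(r"https?://[^\s\"'<>]+")

def inspect_link(url):
    """Describe the userinfo part of an http(s) URL, or return None if it has none."""
    try:
        parts = urlsplit(url)
    except ValueError:          # malformed authority, e.g. unbalanced IPv6 brackets
        return None
    if parts.username is None:  # no "@" in the authority component
        return None
    return {
        "real_host": parts.hostname,                 # where the browser actually connects
        "user": parts.username,
        "has_password": parts.password is not None,  # credential stored in clear text
        # A dotted username reads like a domain name to someone skimming the link.
        "looks_like_host": "." in parts.username,
    }

def flag_links(text):
    """Return (url, finding) pairs for every link in text that carries userinfo."""
    findings = []
    for url in URL_RE.findall(text):
        info = inspect_link(url)
        if info is not None:
            findings.append((url, info))
    return findings

if __name__ == "__main__":
    for url, info in flag_links(SAMPLE):
        print(url, "->", info)
```

Links flagged with `has_password` are the clear-text credential case the RFC text warns about; links flagged with `looks_like_host` are the deceptive-link case, where the visible name before the `@` is not the host being contacted.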