Re: Insecure WWW Access Authorization Protocol?
Tony Sanders (sanders@BSDI.COM)
Tue, 8 Mar 1994 23:10:50 --100
michael shiplett writes:
> "ts" == Tony Sanders <sanders@BSDI.COM> writes:
> The URL is as trustworth as the source of the URL--whether the
> source is in or out of band.
If you cannot trust the server reply to get the realm information from
then why do you think you can trust the URL? You have exactly the
same problems as when you started.