In Internet Explorer (v5/nt,v4/nt,v5/win98), when I go to a website (say, www.company.com), and it requests authorization (via basic authentication), and I enter it, I am able to browse the rest of the site without reentering my password on each page. This is fine. However, if I go to another website on the same machine, but a different port (say, www.company.com:81), my authentication information is still sent. This seem to me to be a security flaw with the browser. The potential for abuse doesn't really seem very high, but I do think it's there.
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:57:31 PDT