[QUOTE=chalsall;315236]OK. I would argue silly, but good to know.[/QUOTE]

Even when protected by a master password? I mean I can see why it is less secure but sillier than trying to memorize 200 passwords?

[QUOTE=chalsall;315236]OK. I would argue silly, but good to know.[/QUOTE]

Sorry. I know that my internet hygiene practices are deficient. When sites compel it, I comply with more stringent standards. (That is, some sites seem to defeat the Firefox password capture.)

[QUOTE=chalsall;315222]Wait a minute...

I'm trying to move from HTTP Basic Authentication to Digest Authentication.

How many trust their browsers with their passwords?[/QUOTE]

me

me 2

Unless you use a master password, try Options-Options-Security-Saved Passwords-Show Passwords

[QUOTE=kracker;315307]Unless you use a master password, try Options-Options-Security-Saved Passwords-Show Passwords[/QUOTE]
So? I need that quite often - who else should remember my passwords, if not firefox ... (BTW, also works with master password, you just have to remember it :smile:)

indeed, firefox is good in remembering all my passwords, better then me. And because I access different sites at work and home, sometime I need to synchronize those passwords, and I use a screen capture (png) from that firefox menu, which I am sending from home to work or viceversa, in a compressed/encrypted form (zip or rar with password) :razz:

[QUOTE=Bdot;315315]So? I need that quite often - who else should remember my passwords, if not firefox ... (BTW, also works with master password, you just have to remember it :smile:)[/QUOTE]

Yeah, but I usually think of passwords that are something "secure", so only I can login with it, not visible easily :razz:

Ok heck, the chance is almost nothin' that someone will go there and view them, but you get my meaning:smile:

Install SSL cert at your site and basic auth will be encrypted.
 

[QUOTE=chalsall;315222]Wait a minute...

I'm trying to move from HTTP Basic Authentication to Digest Authentication.

How many trust their browsers with their passwords?[/QUOTE]



Easy solution.... Use SSL. Since negotiates the encryption key exchange before any data is sent even your basic_auth feature will end up being fully encrypted.

[QUOTE=swl551;315387]Easy solution.... Use SSL. Since negotiates the encryption key exchange before any data is sent even your basic_auth feature will end up being fully encrypted.[/QUOTE]

Since [url]https://www.gpu72.com/[/url] has worked for months, you might reasonably assume I know that.

Now, if your SSL channel has been comprised (and there are many ways to do so), what passes with every "HTTP Basic Authentication" request?

Oh, by the way, you gave a fancy link to GoDaddy with reference to SSL above. I've removed it. I hope that's OK with you et al.

No redirect?
 

[QUOTE=chalsall;315424]Since [url]https://www.gpu72.com/[/url] has worked for months, you might reasonably assume I know that.

Now, if your SSL channel has been comprised (and there are many ways to do so), what passes with every "HTTP Basic Authentication" request?

Oh, by the way, you gave a fancy link to GoDaddy. The Idiot's domain and SSL provider.

Do you get any credit for anyone who is stupid enough to buy a domain or a SSL cert from them?[/QUOTE]

Why leave port 80 taking traffic when you have an SSL site??