>Number: 2439
>Category: mod_auth-any
>Synopsis: NonCached Name/Pwd's
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: apache
>State: open
>Class: change-request
>Submitter-Id: apache
>Arrival-Date: Sat Jun 13 21:50:00 PDT 1998
>Last-Modified:
>Originator: [EMAIL PROTECTED]
>Organization:
apache
>Release: 1.3.x
>Environment:
N/A
>Description:
Currently the 'AuthType Basic' allows a users name/pwd to be remembered in the
browser for that session. So, if a user doesn't log out, another person can
use the browsers forward/back buttons to view the private information that the
name/pwd attained.
>How-To-Repeat:
N/A
>Fix:
Add a way in the htaccess file to allow for the choice of if one wants the setup
to include a 'cache' of an authentication name/pwd
>Audit-Trail:
>Unformatted:
[In order for any reply to be added to the PR database, ]
[you need to include <[EMAIL PROTECTED]> in the Cc line ]
[and leave the subject line UNCHANGED. This is not done]
[automatically because of the potential for mail loops. ]
