DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT <http://issues.apache.org/bugzilla/show_bug.cgi?id=28659>. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=28659 Allow Basic authentication to pre-encode the username/password ------- Additional Comments From [EMAIL PROTECTED] 2004-04-29 07:16 ------- Joshua, It is certainly good that you care about security. As you have already mentioned, your solution does only provide security by obscurity. I suggest a slightly more secure approach: 1. Store the credentials in an encrypted file (use the crypto API) 2. Store the private key inside your application so it's more difficult for an attacker. 3. Decrypt the file on demand and provide the credentials for HttpClient This is actually quite simple and does not require any change to HttpClient. Ortwin Glück --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
