Basically you're just sending your user/pass out (in clear text if you're not using HTTPS) to a server that didn't even ask for it.
Now if the systems are internal to your network and you want to assume that risk, not reason why you couldn't do it... Bill- On Dec 16, 2011 3:37 AM, "Даниел Симеонов" <[email protected]> wrote: > Hello, > I would like to ask why "preemptive basic authentication" is > discouraged. I have read the following "Generally, preemptive > authentication can be considered less secure than a response to an > authentication challenge and therefore discouraged." > but what are the real reasons for that? > Thank you very much! > Best regards, Daniel. >
