Re: Basic Auth Prevalence (was Re: Intent to ship: Treat cookies set over non-secure HTTP as session cookies)

2016-06-21 Thread Chris H-C
I concur. 1 in every 12 loads requires an HTTP auth prompt? Seems very high. Visual inspection of the probe implementations [1] [2] shows no obvious faults, so I'm not sure what's going on here. [1]

Re: Basic Auth Prevalence (was Re: Intent to ship: Treat cookies set over non-secure HTTP as session cookies)

2016-06-13 Thread David Burns
Is there a way that we can gather if people are using this for testing web sites? This might account for those numbers. For example, there is basic support, and I mean really basic support, in Selenium to handle Basic auth and we suggest to people that setting up a proxy in the middle to handle

Re: Basic Auth Prevalence (was Re: Intent to ship: Treat cookies set over non-secure HTTP as session cookies)

2016-06-13 Thread Gijs Kruitbosch
On 11/06/2016 03:27, Jason Duell wrote:
> This data also smells weird to me. 8% of pages using basic auth seems very very high, and only 0.7% of basic auth being done unencrypted seems low.

Nitpick: it's 0.7% of total traffic - 749k / 8.7 million ~> 8.6% of basic auth is over unencrypted

Re: Basic Auth Prevalence (was Re: Intent to ship: Treat cookies set over non-secure HTTP as session cookies)

2016-06-10 Thread Jason Duell
This data also smells weird to me. 8% of pages using basic auth seems very very high, and only 0.7% of basic auth being done unencrypted seems low. Perhaps we should chat in London (ideally with Honza Bambas) and make sure we're getting the telemetry right here. Jason On Fri, Jun 10, 2016 at

Basic Auth Prevalence (was Re: Intent to ship: Treat cookies set over non-secure HTTP as session cookies)

2016-06-10 Thread Adam Roach
On 4/18/16 09:59, Richard Barnes wrote:
> Could we just disable HTTP auth for connections not protected with TLS? At least Basic auth is manifestly insecure over an insecure transport. I don't have any usage statistics, but I suspect it's pretty low compared to form-based auth.

As a follow up