On Friday, February 13, 2004, at 12:23 PM, Alex Rice wrote:


...a recently-discovered flaw in the way that IE parses URLs allows scam artists to completely replace Web URLs that use the username:password@ formatting with a URL of their choosing, regardless of which Web page is actually displayed in IE.

There is a related weakness in SSL and this might aggravate it. SSL will help assure that the other guys are who they say they are but does nothing to connect who they say they are to who you think they are. The closest thing is the user looking at the URL.


Fortunately, specialized browsers can do some checking that should help a lot. I hope that the upcoming SSL capability includes the ability to see some or most fields from the presented certificate. This will allow Revolution apps to fill an important niche.

Dar Scott

_______________________________________________
use-revolution mailing list
[EMAIL PROTECTED]
http://lists.runrev.com/mailman/listinfo/use-revolution
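
The kind of checking a specialized client could do, as an added example that is not part of the original message and is not Revolution code. It is Python, run against a constructed certificate in the shape returned by `ssl.SSLSocket.getpeercert()`; the function names, host names and organization name are assumptions.

```python
from urllib.parse import urlsplit

# Constructed sample, in the shape returned by ssl.SSLSocket.getpeercert().
SAMPLE_CERT = {
    "subject": ((("organizationName", "Example Bank Ltd"),),
                (("commonName", "www.examplebank.test"),)),
    "subjectAltName": (("DNS", "www.examplebank.test"),
                       ("DNS", "examplebank.test")),
}


def cert_fields(cert):
    """Pull out the certificate fields a user would want to see."""
    subject = {key: value for rdn in cert.get("subject", ()) for key, value in rdn}
    dns = [v.lower() for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]
    return {"organization": subject.get("organizationName"),
            "common_name": subject.get("commonName"),
            "dns_names": dns}


def check_destination(url, cert, expected_host, expected_org):
    """Return problem codes; an empty list means URL and certificate both
    match what the application expects (exact names only, no wildcards)."""
    problems = []
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()  # the host actually contacted
    if "@" in parts.netloc:
        # Everything before the last '@' is userinfo, not the destination.
        problems.append("userinfo-in-url")
    if host != expected_host.lower():
        problems.append("unexpected-host")
    fields = cert_fields(cert)
    if host not in fields["dns_names"]:
        problems.append("cert-does-not-name-host")
    if fields["organization"] != expected_org:
        problems.append("unexpected-organization")
    return problems


if __name__ == "__main__":
    for url in ("https://www.examplebank.test/login",
                "https://www.examplebank.test@203.0.113.7/login"):
        print(url, check_destination(url, SAMPLE_CERT,
                                     "www.examplebank.test", "Example Bank Ltd"))
```

The application supplies the host and organization it expects, which is the link between "who they say they are" and "who you think they are" that the transport layer does not make by itself.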
