Netscape's use of SSL

Ben Laurie ben@algroup.co.uk
Sun, 07 Nov 1999 23:26:48 +0000


Tyler Close wrote:
> 
> This time it really was Ben Laurie who wrote:
> > The secret bits should be conveyed by something other than the URL. For
> > example, POST data in a form, or output from a client-side Java app
> > (also posted).
> 
> Why?

Not for any fundamentally good reason: simply because browsers tend to
show the URL to people but not POSTed data. Certainly not when it comes
from a Java app. For example. So it is a defence against
shoulder-surfing.

Cheers,

Ben.

--
http://www.apache-ssl.org/ben.html

"My grandfather once told me that there are two kinds of people: those
who work and those who take the credit. He told me to try to be in the
first group; there was less competition there."
     - Indira Gandhi