17 Dec
2003
17 Dec
'03
11:17 p.m.
Except for the bit about the file not being deleted after quitting Netscape (which is Bad), this is old news. This is why security-conscious sites like banking.wellsfargo.com ask for passwords in an SSL-encrypted form rather than via simple browser authentication. Even if Netscape did delete the "password cache," anyone with physical access to your machine could still recover it from disk. I believe that Microsoft Internet Explorer and other browsers derived from Mosaic do the same thing. Netscape et al know that simple browser authentication is of limited usefulness, which is why we keep trying to commit them to DCE. -rich