Jeff writes:

This report is mostly bogus. Netscape does not, and never has stored http auth passwords in files on your disk. However we do cache documents from servers that use http auth. In this case the user had their preferences set to check the host site for updated content "once per session". There is a bug, which we are fixing before 2.0 ships, that if the auth fails the document should be removed from the cache but was not. If the user had set their cache checking to "never", then if the document is in the cache, it will always be shown to the user, since no connection is made to the server.

Content providers who don't want their web pages cached should use the 'Pragma: no-cache' http header. This will tell the navigator to not save the document in the disk cache.

--Jeff

Thanks for clearing that up - I see you've already been over to www-security. The fast response Netscape (and in particular, you yourself) make to reported problems is something I'm very pleased to see. Peter Trei trei@process.com