February 7th, 2004, 06:04 AM
Microsoft would have started with all the good intentions in the world (as do all enterprises do) but then the bean counters would get involved and all those good intentions go out the window.
Security costs money. Bean counters don't like to spend money. (Because they only see as far as the next quater).
IMHO this is where the problem lies.
What happens if a big asteroid hits the Earth? Judging from realistic simulations involving a sledge hammer and a common laboratory frog, we can assume it will be pretty bad. - Dave Barry
February 8th, 2004, 03:40 PM
And remember that they did this for the phising problem, not even because it's clear text in URL password username... But it's still in a RFC, and if it's in a RFC, it's for a good cause. The problem is only the programer using this and thinking that it's secure, but there will always be programmers like that, even without this.