...
Internet Explorer 6.0 | FireFox 1.0 |
|---|---|
|
|
The Browser Based Authentication mechanismFor both the Forms/SSL and Browser based authentication mechanisms, it is important that the user trusts the web site they are loggin in to. Just becasue you use an SSL encypted form to send your username and password to a remote web site doesn't mean that your password is safe. For example, if the programmer who created the remote web site is inexperienced in security issues, they could easily do something to compromise your password without intending to do so. Becuase security is so important and so easy for a programmer to get wrong, the Department of Energy requires SLAC to not allow programmers to every ask a user for their username and password unless they obtain special permission from the lab.
It is important to the user that they trust the web site they are sending their credential to, which is why the dialog boxes. In the dialog boxes above, it is clear to the user that they are connecting to the web site http://glast-ground.slac.stanford.edu/
...