Posted by zdzisio on 11/08/07 07:55

Gordon Burditt said:
>>> What arguments does such a NTLM request require?
>> to make it simple:
>> serwer tells the browser: you need to authenticate using NTLM , valid
>> user is required. then browser sends the server id of a user.
>
> What *browsers* do that?

MSIE based. it is an Microsoft thing anyway. an active x applet would
work in MSIE too, i guess

> If the user is asked to enter a valid
> user name, it rather defeats the purpose of not having to log in
> for the web page after you've already logged in on the workstation.

well , we are still taking about corporate solutions, right ?

>
> And since anything that comes from a browser is easily faked, it
> seems to make pretending to be someone else fairly easy.
>

I have a funny feeling ...

>> the one who owns the task running web browser. the one that
>> started web browser, of course
>
> Unless, of course, the web browser LIES.
>

.... that you just don't have an idea what this NTLM thing is, do you?


z.

[Back to original message]