Security of HTTP based authentication

Tom Hukins tom at
Thu Jan 13 20:25:29 GMT 2011

On Thu, Jan 13, 2011 at 07:29:33PM +0000, Alexander Clouter wrote:

[Lots of good advice snipped]

> I personally would just HTTPS *everything*, the solution is in making 
> your website cache friendly.

I don't understand this, given that nothing should cache HTTPS
responses.  Using HTTPS and cache friendliness seem like two
contradictory goals to me.


For a more modern, improved service by the same author, see


More information about the mailing list