On 10/12/12 15:38, Bill Burke wrote:
> I was thinking about this some more. Password-based authentication
> should probably only be configured at the WebTarget level only. If done
> at the Client level, couldn't the client be exposed to phishing attacks?
> A rogue server could post a basic-auth challenge, and the Client could
> unwittingly transmit the username/password to the rogue server.
>
And what is WebTarget happens to point to the rogue server already amd
the code attempts to do a pre-emptive authentication ?
Sergey