On 8/22/06, Juliusz Chroboczek <Juliusz.Chroboczek at pps.jussieu.fr> wrote: > I think the solution would be to make sure that your web browser never > uses HTTP authentication without also using SSL. If anyone wrote a > firefox extension to make sure of that, he'd be doing us a favour. > or just make sure security.warn_submit_insecure is true?