For all of those users who rely on the ability to send a username and password in a URL string, not for malicious purposes, but just to transfer that information over to your other application so that users don't have to login, YOU ARE OUT OF LUCK. The latest microsoft patch for IE (KB832894) will deactivate this within IE removing the possibility for you to utilize this key technique for your applications. While I agree that doing this is not secure, even over https, and many email users have been caught because of sites using this as their doorway into accounts, it is going to be a missed feature as it allowed for the easy use of demos, etc... for sites and applications.
KB Quote:
This Internet Explorer cumulative update also includes a change to the functionality of a Basic Authentication feature in Internet Explorer. The update removes support for handling user names and passwords in HTTP and HTTP with Secure Sockets Layer (SSL) or HTTPS URLs in Microsoft Internet Explorer. The following URL syntax is no longer supported in Internet Explorer or Windows Explorer after you install this software update:
http(s)://username:password@server/resource.ext
Now, there are some workarounds that you can do but you will have to utilize them if you would like this feature to even be remotely available to you.
See http://support.microsoft.com/default.aspx?scid=kb;en-us;834489 for the work around.
I hope this notice helps you. Good luck and happy developing.
