in reply to Re: Hacking "explained"
in thread Filtering potentially dangerous URI schemas in <a href="...">

Funny, I mentioned exactly that example when post-discussing with hackmare. :) Mix the User-Agent with the pw before encrypting and the attacker must use or simulate the exact same browser. Just obscurity, yes, but better than nothing. :)

Using IP, as some would suggest, is generally a bad method, as it changes (sometimes every request) for lots of people.

You have moved into a dark place.
It is pitch black. You are likely to be eaten by a grue.