1 files changed, 10 insertions, 7 deletions

diff --git a/WebKit/mac/Panels/WebAuthenticationPanel.m b/WebKit/mac/Panels/WebAuthenticationPanel.m
index 4e17536..e0efef7 100644
--- a/WebKit/mac/Panels/WebAuthenticationPanel.m
+++ b/WebKit/mac/Panels/WebAuthenticationPanel.m
@@ -31,6 +31,7 @@
 #import <Foundation/NSURLAuthenticationChallenge.h>
 #import <Foundation/NSURLProtectionSpace.h>
 #import <Foundation/NSURLCredential.h>
+#import <WebKit/WebKitNSStringExtras.h>
 #import <WebKit/WebLocalizableStrings.h>
 #import <WebKit/WebNSURLExtras.h>
 #import <wtf/Assertions.h>
@@ -132,21 +133,21 @@
 
     if ([chall previousFailureCount] == 0) {
         if ([space isProxy]) {
-            message = [NSString stringWithFormat:UI_STRING("To view this page, you need to log in to the %@ proxy server %@.",
+            message = [NSString stringWithFormat:UI_STRING("To view this page, you must log in to the %@ proxy server %@.",
                                                            "prompt string in authentication panel"),
                 [space proxyType], host];
         } else {
-            message = [NSString stringWithFormat:UI_STRING("To view this page, you need to log in to area “%@” on %@.",
+            message = [NSString stringWithFormat:UI_STRING("To view this page, you must log in to area “%@” on %@.",
                                                            "prompt string in authentication panel"),
                 realm, host];
         }
     } else {
         if ([space isProxy]) {
-            message = [NSString stringWithFormat:UI_STRING("The name or password entered for the %@ proxy server %@ was incorrect. Please try again.",
+            message = [NSString stringWithFormat:UI_STRING("The user name or password you entered for the %@ proxy server %@ was incorrect. Make sure you’re entering them correctly, and then try again.",
                                                            "prompt string in authentication panel"),
                 [space proxyType], host];
         } else {
-            message = [NSString stringWithFormat:UI_STRING("The name or password entered for area “%@” on %@ was incorrect. Please try again.",
+            message = [NSString stringWithFormat:UI_STRING("The user name or password you entered for area “%@” on %@ was incorrect. Make sure you’re entering them correctly, and then try again.",
                                                            "prompt string in authentication panel"),
                 realm, host];
         }
@@ -155,13 +156,15 @@
     [mainLabel setStringValue:message];
     [mainLabel sizeToFitAndAdjustWindowHeight];
 
-    if ([space receivesCredentialSecurely]) {
+    if ([space receivesCredentialSecurely] || [[space protocol] _webkit_isCaseInsensitiveEqualToString:@"https"]) {
         [smallLabel setStringValue:
-            UI_STRING("Your log-in information will be sent securely.",
+            UI_STRING("Your login information will be sent securely.",
                 "message in authentication panel")];
     } else {
+        // Use this scary-sounding phrase only when using basic auth with non-https servers. In this case the password
+        // could be sniffed by intercepting the network traffic.
         [smallLabel setStringValue:
-            UI_STRING("Your password will be sent in the clear.",
+            UI_STRING("Your password will be sent unencrypted.",
                 "message in authentication panel")];
     }