Re: Non-Borg servers can authenticate Borg clients (Was Re: [
At 8:28 PM -0800 1/9/04, Robert Koberg wrote:
>the point was that he clearly stated the correct *way* without
>having used it or seen it used. I have no problem adapting/adopting
>a better way. I have been doing it most of my life (I started
>/programming/ with MACR Authorware developing educational CDROMs)
>

No. I initially stated that HTTP authentication was superior to cookie based authentication for architectural reasons. I've used HTTP authentication quite a bit over the years, since before digest authentication was invented, and I can state from experience that it is easier to configure, cheaper to implement, and architecturally sounder than cookies.

However, Rich Salz pointed out that basic authentication was insecure because it sent the password in the clear. I thought that was a very strange thing to do so I went looking in the specs and discovered digest authentication which seemed to solve the problem neatly. Salz pointed out some security issues with digest authentication. I pointed out some security issues with cookie based authentication. Then Salz claimed digest authentication didn't actually work and John Cowan claimed it wasn't interoperable between Borg and non-Borg systems, but most of their sources seemed to be at least four years old and based on outdated software, so I decided to run my own tests; and as I expected it seems like the status quo is better today than it was four years ago, though it is imperfect.

In the future when I need authentication I'll make a choice between basic authentication, digest authentication, and/or SSL depending on the security needs of the realm and the necessity of supporting older browsers. We're all looking for the better way; and it appears we may have more choice than many, perhaps any, of us realized.

When one is looking for the better way, sometimes you have to be prepared to revisit and challenge old assumptions and knowledge, especially in as rapidly changing a field as technology. What he learned four years ago may very well not be true today. What we learn today may not be true four years from now.

--
Elliotte Rusty Harold
elharo@m...
Effective XML (Addison-Wesley, 2003)
http://www.cafeconleche.org/books/effectivexml
http://www.amazon.com/exec/obidos/ISBN%3D0321150406/ref%3Dnosim/cafeaulaitA