Re: RE: Encoding charset of HTTP Basic Authentication
> > password over the wire. It's worse because
> >

Arrgh! See what happened -- I stopped typing to let my brain catch up, and it never did.... :) Digest is worse because it never spec'd anything other than MD5, although it allowed "space" in the protocol for it. (SHA was published a half-dozen years before.) Unless the browser serializes requests (i.e., one image at a time), full integrity protection with digest usually [not always, see the last part of section 3.2.3 of RFC 2617 and sec 4.5 on replay] doubles the number of HTTP messages. At that point, you might as well give up and use SSL/TLS, and once you've done that, the temptation to use basic-auth (but mom, everybody else does) is generally too great to resist.

/r$

--
STSM, WebSphere Appliance Architect
https://www.ibm.com/developerworks/mydeveloperworks/blogs/soma/
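An added example, not part of the original message: a toy model of the round-trip cost described above, assuming a server that accepts each nonce exactly once and returns the next one with every response (the RFC 2617 `nextnonce` mechanism). `OneTimeNonceServer`, `authed_get`, `count_requests` and the credentials are hypothetical names and constructed values.

```python
import hashlib, hmac, os

USER, REALM, PASSWORD = "alice", "example", "s3cret"   # constructed sample credentials

def md5_hex(data: bytes) -> str:
    return hashlib.md5(data).hexdigest()

def digest_response(user, realm, password, method, uri, body, nonce, nc, cnonce, qop="auth-int"):
    """RFC 2617 request-digest; MD5 is the only hash the RFC defines."""
    ha1 = md5_hex(f"{user}:{realm}:{password}".encode())
    a2 = f"{method}:{uri}" + (f":{md5_hex(body)}" if qop == "auth-int" else "")
    return md5_hex(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{md5_hex(a2.encode())}".encode())

class OneTimeNonceServer:
    """Toy server (assumption): every nonce is accepted exactly once."""
    def __init__(self):
        self.valid, self.requests_seen = set(), 0
    def _fresh(self):
        nonce = os.urandom(8).hex()
        self.valid.add(nonce)
        return nonce

    def handle(self, method, uri, body, auth=None):
        """Return (status, nonce): a new challenge on 401, nextnonce on 200."""
        self.requests_seen += 1
        if auth is None or auth["nonce"] not in self.valid:
            return 401, self._fresh()          # missing or stale nonce
        self.valid.discard(auth["nonce"])      # burn the nonce: replay protection
        want = digest_response(USER, REALM, PASSWORD, method, uri, body, auth["nonce"], auth["nc"], auth["cnonce"])
        ok = hmac.compare_digest(want, auth["response"])
        return (200 if ok else 401), self._fresh()

def authed_get(server, uri, nonce):
    cnonce, nc = os.urandom(4).hex(), "00000001"
    resp = digest_response(USER, REALM, PASSWORD, "GET", uri, b"", nonce, nc, cnonce)
    return server.handle("GET", uri, b"", {"nonce": nonce, "nc": nc, "cnonce": cnonce, "response": resp})

def count_requests(uris, serialized):
    """Count requests the server sees when fetching uris one at a time or all at once."""
    server = OneTimeNonceServer()
    _, nonce = server.handle("GET", uris[0], b"")        # unauthenticated probe -> 401 + nonce
    if serialized:
        for uri in uris:                                  # each nextnonce feeds the next request
            status, nonce = authed_get(server, uri, nonce)
    else:
        replies = [authed_get(server, uri, nonce) for uri in uris]   # all sent with the same nonce
        for uri, (status, fresh) in zip(uris, replies):
            if status == 401:                             # stale: retry with the nonce just issued
                authed_get(server, uri, fresh)
    return server.requests_seen
```

For four URIs the serialized client costs 5 requests and the parallel client 8, which is the doubling the message refers to.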