[XML-DEV Mailing List Archive Home] [By Thread] [By Date] [Recent Entries] [Reply To This Message]

Re: RE: Encoding charset of HTTP Basic Authentication

• From: Petite Abeille <petite.abeille@gmail.com>
• To: xml-dev <xml-dev@lists.xml.org>
• Date: Mon, 30 Jan 2012 15:17:35 +0100

On Jan 30, 2012, at 2:52 PM, Pete Cordell wrote:

> A quick question before I do though, does Digest require the server to have access to the password in clear text form, whereas Basic allows the server to store the password in some hashed form?

That's the crux of it: digest is not worth the complications IMO.

If you care about the integrity of the transport channel, use TLS.

If you use TLS, basic is all what you need.

• Follow-Ups:
  • RE: RE: Encoding charset of HTTP Basic Authentication
    • From: "David Lee" <dlee@calldei.com>

• References:
  • RE: Encoding charset of HTTP Basic Authentication
    • From: "David Lee" <dlee@calldei.com>
  • Re: RE: Encoding charset of HTTP Basic Authentication
    • From: "Pete Cordell" <petexmldev@codalogic.com>
  • Re: RE: Encoding charset of HTTP Basic Authentication
    • From: Petite Abeille <petite.abeille@gmail.com>
  • Re: RE: Encoding charset of HTTP Basic Authentication
    • From: "Pete Cordell" <petexmldev@codalogic.com>
  • Re: RE: Encoding charset of HTTP Basic Authentication
    • From: "Pete Cordell" <petexmldev@codalogic.com>
  • Re: RE: Encoding charset of HTTP Basic Authentication
    • From: Michael Sokolov <sokolov@ifactory.com>
  • Re: RE: Encoding charset of HTTP Basic Authentication
    • From: "Pete Cordell" <petexmldev@codalogic.com>
  • Re: RE: Encoding charset of HTTP Basic Authentication
    • From: Greg Hunt <greg@firmansyah.com>
  • Re: RE: Encoding charset of HTTP Basic Authentication
    • From: "Pete Cordell" <petexmldev@codalogic.com>