W3C home > Mailing lists > Public > ietf-http-wg-old@w3.org > January to April 1995

another Digest Access Authentication question

From: Dave Kristol <dmk@allegra.att.com>
Date: Thu, 16 Mar 95 18:05:06 EST
Message-Id: <9503162313.AA16967@hplb.hpl.hp.com>
To: http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com
[Is anyone paying attention to my other questions?]

The client's Authorization: header contains
	uri="<requested-uri>"

I read the paragraphs about how the server checks the validity of the
information to mean that the server uses the header's "uri" value when
it calculates A2.  Should the server ever compare the "uri" value
against the URI it actually received as part of the request, too?  If
so, does it matter whether that comparison comes before or after the
various MD5 checks?  (I assume if there's a mismatch, the request is
rejected.  True?)

Another, minor nuisance, question:  should the MD5 digest function be
required to produce hex with all lower (or upper) case letters?  It's
easy to check stuff caselessly, but it's a little less efficient.

Dave Kristol
Received on Thursday, 16 March 1995 15:24:01 EST

This archive was generated by hypermail pre-2.1.9 : Wednesday, 24 September 2003 06:31:14 EDT