W3C home > Mailing lists > Public > ietf-http-wg-old@w3.org > May to August 1995

Re: potential security holes in digest authorization

From: Dave Kristol <dmk@allegra.att.com>
Date: Fri, 14 Jul 95 18:22:32 EDT
Message-Id: <199507150019.AA261957552@hplb.hpl.hp.com>
To: john@math.nwu.edu
Cc: http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com
John Franks <john@math.nwu.edu> says:
  [...]
  > Under the current proposal what is stored in the server user/password
  > file is 
  > 	user:H(<username> : <realm> : <password>)
  > 
  > So gaining illicit access to the server password file does not
  > compromise the password.  Of course, it *does* grant illicit access to
  > the documents on that server in that realm.  I believe this is what
  > Brad Barber was referring to when he said the password file needed to
  > receive highest security.
  [...]

That helps, but I have a quibble.  I would prefer not to tie the username
and password so strongly to a particular realm, because:
    1) I might like to change the name of the realm (if only slightly).
    2) I might like to use the same password file for more than one realm.
Each of these is impossible if the information in the password file
has the realm embedded in it.

While I have the floor (:-), I'll reiterate my standard quibble about
realms and prompts.  Currently they are identical.  That is, if I tell
a browser that the protection realm is "foo", the browser asks for a
name and password for "foo".  I would prefer to be able to specify the
prompt separately.  So, the prompt for realm "foo" could be "World War
II Euphemism".  I think the name of the realm is a denotational matter
between the client and server, whereas the prompt is something the
browser shows the user.

Dave Kristol
Received on Friday, 14 July 1995 17:20:27 EDT

This archive was generated by hypermail pre-2.1.9 : Wednesday, 24 September 2003 06:31:23 EDT