W3C home > Mailing lists > Public > ietf-http-wg-old@w3.org > May to August 1995

Re: potential security holes in digest authorization

From: Albert Lunde <Albert-Lunde@nwu.edu>
Date: Mon, 17 Jul 1995 10:30:13 -0500
Message-Id: <v01510100ac2fea999a81@[]>
To: http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com
Cc: http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com
At 10:17 AM 7/17/95, dmk@allegra.att.com wrote:
>Fair enough.  How about using the server-name in place of realm, then?
>(After all, it's possible two webmasters might choose the same realm
>name on different servers, isn't it!) That would render the same
>username/password combination unique on different machines.  So the
>stored hash would be:
>	H(<username> : <server-domain-name> : <password>)

It may not be obvious to a client which of several CNAMEs for a particular
server should be used, (this relates to the vanity-names/URL issue).

    Albert Lunde                      Albert-Lunde@nwu.edu
Received on Monday, 17 July 1995 08:27:20 UTC

This archive was generated by hypermail 2.3.1 : Wednesday, 7 January 2015 14:40:14 UTC