W3C home > Mailing lists > Public > ietf-http-wg-old@w3.org > May to August 1995

Re: potential security holes in digest authorization

From: Albert Lunde <Albert-Lunde@nwu.edu>
Date: Mon, 17 Jul 1995 10:30:13 -0500
Message-Id: <v01510100ac2fea999a81@[129.105.110.129]>
To: http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com
Cc: http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com

At 10:17 AM 7/17/95, dmk@allegra.att.com wrote:
>Fair enough.  How about using the server-name in place of realm, then?
>(After all, it's possible two webmasters might choose the same realm
>name on different servers, isn't it!) That would render the same
>username/password combination unique on different machines.  So the
>stored hash would be:
>	H(<username> : <server-domain-name> : <password>)

It may not be obvious to a client which of several CNAMEs for a particular
server should be used (this relates to the vanity-names/URL issue).

---
    Albert Lunde                      Albert-Lunde@nwu.edu
Received on Monday, 17 July 1995 08:27:20 EDT
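
Added example, not part of the original message or of any digest implementation: a sketch of the trade-off in this exchange, comparing the stored hash scoped by server name with one scoped by a realm string sent in the challenge. The host names, user, password, realm, the simplified challenge and the choice of MD5 for H are all assumptions made for illustration.

```python
import hashlib

def H(username, scope, password):
    """H(<username> : <scope> : <password>); MD5 is an assumption here."""
    return hashlib.md5(f"{username}:{scope}:{password}".encode()).hexdigest()

# Constructed sample data: one server reachable under three DNS names.
CANONICAL = "www.example.edu"
NAMES = [CANONICAL, "web1.example.edu", "vanity.example.org"]
USER, PASSWORD, REALM = "alice", "sample-password", "staff"

def client_hash(url_host, challenge, scope_by_host):
    """What the client computes: scope is the host from the URL it followed
    (server-name scheme) or the realm string the server sent (realm scheme)."""
    scope = url_host if scope_by_host else challenge["realm"]
    return H(USER, scope, PASSWORD)

def failing_names(scope_by_host, names=NAMES):
    """Names under which the client's hash does not match the stored one."""
    stored = H(USER, CANONICAL if scope_by_host else REALM, PASSWORD)
    challenge = {"realm": REALM}  # simplified challenge, nonce omitted
    return [n for n in names if client_hash(n, challenge, scope_by_host) != stored]

def distinct_stored_hashes(hosts, scope_by_host, realm=REALM):
    """How many different stored hashes the same username/password yields
    across separate servers that all happen to use the same realm name."""
    return len({H(USER, h if scope_by_host else realm, PASSWORD) for h in hosts})

if __name__ == "__main__":
    print("server-name scheme fails for:", failing_names(True))
    print("realm scheme fails for:", failing_names(False))
    others = ["a.example.com", "b.example.net"]
    print("same realm, two servers:", distinct_stored_hashes(others, False), "hash")
    print("server-name scope:", distinct_stored_hashes(others, True), "hashes")
```

Scoping by server name keeps the stored hashes distinct across servers, but a client that reaches the server through an alias computes a different hash than the one stored; scoping by the realm from the challenge avoids that at the cost of identical hashes wherever the same realm name is reused.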
