W3C home > Mailing lists > Public > ietf-http-wg@w3.org > July to September 2006

Re: Digest Authentication (Broken in many Browsers)

From: John C. Mallery <jcma@csail.mit.edu>
Date: Wed, 12 Jul 2006 18:25:14 +0000
Message-Id: <C7834026-2B5E-43D4-97A9-57304BB64AC0@csail.mit.edu>
Cc: ietf-http-wg@w3.org
To: Joe Orton <joe@manyfish.co.uk>





On Jul 12, 2006, at 11:42 AM, Joe Orton wrote:

> On Wed, Jul 12, 2006 at 02:47:59PM +0000, John C. Mallery wrote:
>> Few browsers seem to have implemented HTTP 1.1 Digest Authentication
>> correctly, at least on the Mac.
>>
>> Digest authentication of proxy requests seems to be a major problem
>> area.
>>
>> Firefox 2.0b1 seems to be the best implementation on the mac.
>>
>> 1. I note, however, that it computes the digest based on the relative
>> URI of the absolute URI requested of the proxy.
>
> I think this is a post-1.5 regression in Firefox,

Actually, this is similarly broken in firefox 1.5 and Mozilla too.

> we had a similar
> report with similar details filed against mod_auth_digest:
>
> http://issues.apache.org/bugzilla/show_bug.cgi?id=37959

Did they ever fix it?
Received on Wednesday, 12 July 2006 18:36:34 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 27 April 2012 06:49:46 GMT