- From: Henrik Nordstrom <henrik@henriknordstrom.net>
- Date: Wed, 13 Jun 2007 00:56:07 +0200
- To: Adrien de Croy <adrien@qbik.com>
- Cc: "ietf-http-wg@w3.org Group" <ietf-http-wg@w3.org>
Received on Tuesday, 12 June 2007 22:56:30 UTC
ons 2007-06-13 klockan 10:16 +1200 skrev Adrien de Croy: > I've never seen an instance of Digest auth. I have set up several servers using Digest auth. There really isn't any reason not to use Digest over Basic if you anyway have a local password file. Yes, some browsers is a bit broken, but most servers know how to work around them. Yes, due to the brokenness not all the security features of Digest can be used (strict replay protection), but it's heaps better than Basic even without them.. Using TLS is often overkill, and requires much more administration to get a certificate issued, installed etc. Regards Henrik
Received on Tuesday, 12 June 2007 22:56:30 UTC