W3C home > Mailing lists > Public > ietf-http-wg@w3.org > October to December 2009

Re: Authorization with WWW-Authenticate (bis)

From: Nicolas Alvarez <nicolas.alvarez@gmail.com>
Date: Wed, 11 Nov 2009 19:54:45 -0300
To: ietf-http-wg@w3.org
Message-ID: <hdffbk$r7p$1@ger.gmane.org>
Henrik Nordstrom wrote:
> What is unspecified is how the user agent should behave if none of the
> provided challenges is understood. It seems to me that most user agents
> then fall back on basic auth with unspecified realm which imho is not a
> bad thing to do. Both unlikely to be accepted by the server AND exposing
> password details in the plain for no good value, better to abort the
> request with an error.

Your third sentence makes me think you meant "is a bad thing" or "is not a 
good thing" in the second one...
Received on Wednesday, 11 November 2009 22:55:38 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 27 April 2012 06:51:13 GMT