- From: Ian Hickson <ian@hixie.ch>
- Date: Fri, 3 Dec 2004 21:32:55 +0000 (UTC)
On Mon, 8 Nov 2004, Aaron Swartz wrote:
>
> My thinking was that the server would simply support both -- Digest
> Auth for WF2 UAs and standard insecure POST/cookie auth for old UAs.
> This would take a little extra coding but hardly seems insurmountable.

Digest Auth is insecure; the point of using HTTP auth for login instead of cookies wouldn't be to increase security, it would be to put the authentication information at the appropriate level.

IMHO if we required authors to implement both HTTP auth and POST/cookie auth, they'd only do one, not both. There wouldn't be any advantage to doing both, really.

--
Ian Hickson               U+1047E                )\._.,--....,'``.    fL
http://ln.hixie.ch/       U+263A                /,   _.. \   _\  ;`._ ,.
Things that are impossible just take longer.   `._.-(,_..'--(,_..'`-.;.'
Received on Friday, 3 December 2004 13:32:55 UTC