Authentication issues

On Jul 3, 2006, at 7:48 AM, Michael Wechner wrote:

>
> Manfred Baedke wrote:
>> Hi Michael,
>>
>> what's really bad about programmatic clients and form based  
>> authentication is the fact that the form comes with status code  
>> 200, telling the client that everything is fine, and there is  
>> really no realiable way for the client to tell wether the response  
>> body is the intended content or a login form. Form based  
>> authentication, as it is widely used nowadays, is broken by  
>> design. Don't use it.
>
> ok, but what is the alternative? BASIC and DIGEST also have issues ;-)
>

This thread has come up other times and places - I'm sort of curios  
to understand what people view as  the issues of Digest inside TLS?

Received on Monday, 31 July 2006 15:10:05 UTC