W3C home > Mailing lists > Public > w3c-wai-ig@w3.org > July to September 2004

Re: Accessibility of Pages Requiring Sign-In

From: Matthew Smith <matt@kbc.net.au>
Date: Wed, 28 Jul 2004 08:18:27 +0930
Message-ID: <4106DBBB.8060803@kbc.net.au>
To: WAI Interest Group <w3c-wai-ig@w3.org>

Jon Hanna wrote:
> Basic Authentication is even less secure than the better cookie systems. There
> is no real reason to use it when you can use Digest Authentication instead,
> however your two issues with Basic also apply to Digest (if less so).

Digest authentication does appeal to me* but, the last time I checked, browser 
support for this was far from universal.

I want an authentication system that is accessible in that
a) it is easy to use, including "bookmarkability" of pages and
b) is device independent

Am I out of date in thinking that Digest Authentication is poorly supported?



* I once wrote an authentication system using JavaScript that made an MD5 hash 
of a user name and password entered in form fields and then set as a session 
cookie.  Each "protected" programme would check this hash against one generated 
from a database.  If I remember correctly, I hashed with a random string 
generated by the server on each log in.  Session-based authentication of a sort. 
  It didn't work all that well so I had to ditch it and go back to Basic with 

Matthew Smith
Kadina Business Consultancy
South Australia
Received on Tuesday, 27 July 2004 18:48:32 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 13 October 2015 16:21:29 UTC