- From: Chuck Shotton <cshotton@biap.com>
- Date: Mon, 17 Jul 1995 10:01:47 -0500
- To: Dave Kristol <dmk@allegra.att.com>, john@math.nwu.edu
- Cc: http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com
>
>Fair enough. How about using the server-name in place of realm, then?
>(After all, it's possible two webmasters might choose the same realm
>name on different servers, isn't it!) That would render the same
>username/password combination unique on different machines. So the
>stored hash would be:
> H(<username> : <server-domain-name> : <password>)
This isn't any better, given that one user may have multiple occurences of
the same name and password for different realms. (It happens!) The best
would be a combination of host domain name and realm name.
--_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-
Chuck Shotton StarNine Technologies, Inc.
chuck@starnine.com http://www.starnine.com/
cshotton@biap.com http://www.biap.com/
"Shut up and eat your vegetables!"
Received on Monday, 17 July 1995 07:58:53 UTC