- From: John Franks <john@math.nwu.edu>
- Date: Thu, 29 Aug 1996 09:20:50 -0500 (CDT)
- To: ben@algroup.co.uk
- Cc: HTTP Working Group <http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com>
On Thu, 29 Aug 1996, Ben Laurie (really Alexei Kosut) wrote: > > The problem here may be that no one actually *uses* digest auth. The > problem is that these servers don't let you use both together. This is > because both servers (indeed, pretty much all Unix HTTP servers that I > know of) store Basic passwords crypted. This makes them unusable for > Digest auth's purposes, which either needs the passwords in the clear or > hashed. So the vast installed base of installed authentication cannot use > digest (except in specific, intranet-like cases, where you are assured > that the user is capable of supporting digest auth). > I don't understand this. As you observe server support for digest auth is widely available. The reason no one uses it is because it is not supported by Netscape or MSIE -- period. As long as this remains the case digest will never be widely used. All other pros and cons for digest are pretty much irrelevant at this point. John Franks Dept of Math. Northwestern University john@math.nwu.edu
Received on Thursday, 29 August 1996 07:25:50 UTC