Re: Authorization with WWW-Authenticate (bis) from Nicolas Alvarez on 2009-11-11 (ietf-http-wg@w3.org from October to December 2009)

From: Nicolas Alvarez <nicolas.alvarez@gmail.com>
Date: Wed, 11 Nov 2009 19:54:45 -0300
To: ietf-http-wg@w3.org
Message-ID: <hdffbk$r7p$1@ger.gmane.org>

Henrik Nordstrom wrote:
> What is unspecified is how the user agent should behave if none of the
> provided challenges is understood. It seems to me that most user agents
> then fall back on basic auth with unspecified realm which imho is not a
> bad thing to do. Both unlikely to be accepted by the server AND exposing
> password details in the plain for no good value, better to abort the
> request with an error.

Your third sentence makes me think you meant "is a bad thing" or "is not a 
good thing" in the second one...

Received on Wednesday, 11 November 2009 22:55:38 UTC