- From: Nils Dagsson Moskopp <nils@dieweltistgarnichtso.net>
- Date: Fri, 17 Oct 2014 17:09:13 +0200
- To: rescator@emsai.net, whatwg@lists.whatwg.org
Roger Hågensen <rescator@emsai.net> writes: > Also http logins with plaintext transmission of passwords/passphrases > need to go away, and is a pet peeve of mine, I detest Basic > HTTP-Authentication which is plaintext. Note that Basic Auth + HTTPS provides reliable transport security. > Hashing the password (or passphrase) in the client is the right way to > go, but currently javascript is needed to make that possible. Do you know about HTTP digest authentication? <http://en.wikipedia.org/wiki/Digest_access_authentication> -- Nils Dagsson Moskopp // erlehmann <http://dieweltistgarnichtso.net>
Received on Friday, 17 October 2014 15:09:56 UTC