W3C home > Mailing lists > Public > whatwg@whatwg.org > October 2014

Re: [whatwg] Passwords

From: Nils Dagsson Moskopp <nils@dieweltistgarnichtso.net>
Date: Fri, 17 Oct 2014 17:09:13 +0200
To: rescator@emsai.net, whatwg@lists.whatwg.org
Message-ID: <87fvemraw6.fsf@dieweltistgarnichtso.net>
Roger H├ągensen <rescator@emsai.net> writes:

> Also http logins with plaintext transmission of passwords/passphrases 
> need to go away, and is a pet peeve of mine, I detest Basic 
> HTTP-Authentication which is plaintext.

Note that Basic Auth + HTTPS provides reliable transport security.

> Hashing the password (or passphrase) in the client is the right way to 
> go, but currently javascript is needed to make that possible.

Do you know about HTTP digest authentication?
<http://en.wikipedia.org/wiki/Digest_access_authentication>

-- 
Nils Dagsson Moskopp // erlehmann
<http://dieweltistgarnichtso.net>
Received on Friday, 17 October 2014 15:09:56 UTC

This archive was generated by hypermail 2.4.0 : Wednesday, 22 January 2020 17:00:24 UTC