- From: Clemm, Geoff <gclemm@rational.com>
- Date: Tue, 16 Oct 2001 11:46:53 -0400
- To: WebDAV <w3c-dist-auth@w3.org>
Are you sure you are not confusing digest authentication with basic authentication? With digest authentication, a server only needs to expose its passwords in a cryptographically secure hash-coded form. Cheers, Geoff -----Original Message----- From: Dylan Barrell [mailto:dbarrell@opentext.com] Sent: Tuesday, October 16, 2001 11:13 AM To: WebDAV Subject: Digest Authentication I would like to propose a small change to the webDAV specification. Digest Authentication requires that a server store its passwords in such a way that they be available in clear text format. Our experience with our customers has shown that this is TOTALLY UNACCEPTABLE. As a result, we will not be able to implement digest authentication in our webDAV server. I would like to propose that the Digest Authentication requirement be demoted from mandatory to optional. --Dylan
Received on Tuesday, 16 October 2001 11:47:34 UTC