- From: Stefan Eissing <stefan.eissing@greenbytes.de>
- Date: Tue, 16 Oct 2001 17:56:57 +0200
- To: "Clemm, Geoff" <gclemm@rational.com>, "WebDAV" <w3c-dist-auth@w3.org>
Actually, you do not need to store cleartext in both cases. As Geoff explained, digest requires the server to store a secure hash of the username/password. You can use the same hash to verify Basic authentication, since the client send the password in (almost) clear text. Best Regards, Stefan > -----Original Message----- > From: w3c-dist-auth-request@w3.org > [mailto:w3c-dist-auth-request@w3.org]On Behalf Of Clemm, Geoff > Sent: Tuesday, October 16, 2001 5:47 PM > To: WebDAV > Subject: RE: Digest Authentication > > > Are you sure you are not confusing digest authentication with basic > authentication? With digest authentication, a server only needs to > expose its passwords in a cryptographically secure hash-coded form. > > Cheers, > Geoff > > -----Original Message----- > From: Dylan Barrell [mailto:dbarrell@opentext.com] > Sent: Tuesday, October 16, 2001 11:13 AM > To: WebDAV > Subject: Digest Authentication > > > I would like to propose a small change to the webDAV specification. > > Digest Authentication requires that a server store its passwords in such a > way that they be available in clear text format. > > Our experience with our customers has shown that this is TOTALLY > UNACCEPTABLE. > > As a result, we will not be able to implement digest authentication in our > webDAV server. > > I would like to propose that the Digest Authentication requirement be > demoted from mandatory to optional. > > --Dylan > > >
Received on Tuesday, 16 October 2001 11:56:23 UTC