- From: Jim Whitehead <ejw@cse.ucsc.edu>
- Date: Tue, 23 Oct 2001 11:04:08 -0700
- To: <mtimmerm@opentext.com>, "'WebDAV'" <w3c-dist-auth@w3.org>
> You're saying that if I run my server in an environment that doesn't allow > me to present Digest in the WWW-Authenticate headers, then that's OK, as > long as there's a checkbox for Digest somewhere and I've unchecked it? Just thought of another example. The Apache server "supports" Digest authentication, even though the process of enabling it involves installing a new module (mod_auth_digest). In the case of Apache, it is possible to create a server that does not have any Digest authentication code in the running server executable. Thus, Apache is an existence proof of "supporting" Digest, while not compromising security in environments where characteristics of the Digest implementation are unacceptable. - Jim
Received on Tuesday, 23 October 2001 14:08:02 UTC