- From: Matthew Smith <matt@kbc.net.au>
- Date: Wed, 28 Jul 2004 08:18:27 +0930
- To: WAI Interest Group <w3c-wai-ig@w3.org>
Jon Hanna wrote: <quote> > Basic Authentication is even less secure than the better cookie systems. There > is no real reason to use it when you can use Digest Authentication instead, > however your two issues with Basic also apply to Digest (if less so). </quote> Digest authentication does appeal to me* but, the last time I checked, browser support for this was far from universal. I want an authentication system that is accessible in that a) it is easy to use, including "bookmarkability" of pages and b) is device independent Am I out of date in thinking that Digest Authentication is poorly supported? Cheers M * I once wrote an authentication system using JavaScript that made an MD5 hash of a user name and password entered in form fields and then set as a session cookie. Each "protected" programme would check this hash against one generated from a database. If I remember correctly, I hashed with a random string generated by the server on each log in. Session-based authentication of a sort. It didn't work all that well so I had to ditch it and go back to Basic with mod_auth_mysql. -- Matthew Smith Kadina Business Consultancy South Australia
Received on Tuesday, 27 July 2004 18:48:32 UTC