Communicator 4.04 little bug

From: Kenobi (kenobiat_private)
Date: Sun Dec 07 1997 - 10:34:30 PST


    hi!
    
    i was testing some stuff with Digest Authentication and noticed this little
    problem with Communicator 4.04 (Tested on Linux and NT). IE3.02 (the only
    available around here) does not experience this problem.
    
    Apparently Communicator does not support Digest Auth but it still accepts
    the challenge. After the user enters his username and password, Communicator
    sends it to the server but obfuscated with Basic.
    
    Now, if you set up a site protected with Digest, you would expect the
    password not to travel plaintext (basic is plaintext) on the network, but
    that is what happens.
    
    the correct procedure would be to fail right there when he receives the
    WWW-Authenticate: Digest header, like IE does.
    
    --
    Kenobi, JAPH BOFH Not-Eng
    http://www.pulhas.org/~kenobi/
    kenobiat_private
     -- I dunno, I dream in Perl, sometimes -- LWall
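
A server-side check for the behaviour reported above, as an added example that is not part of the original post: it compares the scheme of the client's Authorization header with the scheme the server challenged with, and when Basic arrives in answer to a Digest challenge it decodes the payload to show that the password crossed the network recoverably. The function names and the sample header values are assumptions constructed for illustration.

```python
import base64
import binascii

def scheme_of(header_value):
    """Return the lowercase auth scheme, i.e. the first token of the header value."""
    parts = header_value.strip().split(None, 1)
    return parts[0].lower() if parts else ""

def check_reply(challenge, authorization):
    """Compare a client's Authorization value with the server's challenge.

    Returns (verdict, exposed_password). exposed_password is set only when
    Basic was sent in answer to a non-Basic challenge: the Basic payload is
    merely base64("user:password"), so the password must be treated as
    disclosed to anyone on the network path.
    """
    offered, used = scheme_of(challenge), scheme_of(authorization)
    if used == offered:
        return ("ok", None)
    if used != "basic":
        return ("mismatch", None)
    fields = authorization.strip().split(None, 1)
    token = fields[1].strip() if len(fields) == 2 else ""
    try:
        decoded = base64.b64decode(token, validate=True).decode("utf-8", "replace")
    except binascii.Error:
        return ("malformed", None)
    if ":" not in decoded:
        return ("malformed", None)
    return ("downgrade", decoded.partition(":")[2])

# Constructed sample values, not taken from the post.
CHALLENGE = 'Digest realm="test", nonce="abc123"'
BASIC_REPLY = "Basic " + base64.b64encode(b"alice:s3cret").decode("ascii")
DIGEST_REPLY = ('Digest username="alice", realm="test", nonce="abc123", '
                'uri="/", response="0123456789abcdef0123456789abcdef"')

if __name__ == "__main__":
    for reply in (DIGEST_REPLY, BASIC_REPLY, "Basic !!!"):
        print(check_reply(CHALLENGE, reply))
```

A "downgrade" verdict means the request should be refused and the account's password rotated, since rejecting the request does not undo the disclosure.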
    



    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:35:00 PDT