Micah Cowan wrote: 
> However, performance at the cost of security is not a trade-off
> I am willing to make. Regardless of whether digest is widely
> used or not, any security-minded user who happens to discover
> the way we do things will be very upset with us, and justifiably
> so. This situation is really inexcusable.

I agree.  I discovered this when trying to use wget with an HTTP
proxy that uses NTLM.  (Is that on the list somewhere?)  I was
dismayed to see that wget was volunteering my credentials before
even knowing what authentication scheme to use.  There's not much
point in using a challenge-response authentication scheme if the
client is just going to send the credentials in cleartext anyway.

Rodney
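
Added example (not part of the original message, and not wget's code): a Python sketch of the ordering argued for above, where the client sends no credentials until it has seen a 401/407 challenge and then answers with the strongest scheme offered. The function names, the preference ranking, the refusal to send Basic over an unencrypted channel, and the sample headers are all assumptions of this example.

```python
import re

# Strongest first. This ranking is an assumption of the example.
PREFERENCE = ("negotiate", "ntlm", "digest", "basic")

def offered_schemes(header_values):
    """Return the lowercased auth schemes named in the challenge header value(s)."""
    schemes = []
    for value in header_values:
        # Blank out quoted strings so ',' and '=' inside them cannot confuse the split.
        bare = re.sub(r'"(?:[^"\\]|\\.)*"', '""', value)
        for piece in bare.split(","):
            words = piece.split()
            if not words or "=" in words[0]:
                continue  # empty element, or an auth-param such as realm=... / nonce=...
            if len(words) > 1 and words[1].startswith("="):
                continue  # auth-param written as "name = value"
            schemes.append(words[0].lower())
    return schemes

def next_auth_scheme(status, headers, supported, channel_encrypted):
    """Pick the scheme to answer with, or None if no credentials should be sent.

    status  -- status code of the previous response, or None before any response
    headers -- list of (name, value) pairs from that response
    """
    if status not in (401, 407):
        return None  # no challenge seen yet: volunteer nothing
    wanted = "www-authenticate" if status == 401 else "proxy-authenticate"
    values = [v for k, v in headers if k.lower() == wanted]
    offered = set(offered_schemes(values))
    for scheme in PREFERENCE:
        if scheme in offered and scheme in supported:
            if scheme == "basic" and not channel_encrypted:
                return None  # Basic here would put the password on the wire in cleartext
            return scheme
    return None

# Constructed sample: a proxy that offers NTLM and Basic on a 407.
SAMPLE_407 = [
    ("Proxy-Authenticate", "NTLM"),
    ("Proxy-Authenticate", 'Basic realm="corp proxy, east"'),
]

if __name__ == "__main__":
    print(next_auth_scheme(None, [], {"ntlm", "basic"}, False))       # first request
    print(next_auth_scheme(407, SAMPLE_407, {"ntlm", "basic"}, False))
```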
