Micah Cowan wrote:
> However, performance at the cost of security is not a trade-off
> I am willing to make. Regardless of whether digest is widely
> used or not, any security-minded user who happens to discover
> the way we do things will be very upset with us, and justifiably
> so. This situation is really inexcusable.
I agree. I discovered this when trying to use wget with an HTTP proxy that uses NTLM. (Is that on the list somewhere?) I was dismayed to see that wget was volunteering my credentials before even knowing what authentication scheme to use. There's not much point in using a challenge-response authentication scheme if the client is just going to send the credentials in cleartext anyway.

Rodney
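A check for the behaviour discussed in this thread, as an added example that is not part of the original messages or of wget's code: it walks a constructed capture of request/response headers and flags Basic credentials that were sent before the server or proxy had offered Basic. The function names, the sample headers and the `alice:s3cret` credential are assumptions made up for illustration.

```python
import base64

# Credential header -> (status code, challenge header) that should precede it.
CHALLENGE_FOR = {
    "authorization": (401, "www-authenticate"),
    "proxy-authorization": (407, "proxy-authenticate"),
}

def parse_headers(block):
    """Parse raw header lines into (lowercased name, value) pairs."""
    pairs = []
    for line in block.strip().splitlines():
        name, sep, value = line.partition(":")
        if sep:
            pairs.append((name.strip().lower(), value.strip()))
    return pairs

def audit(exchanges):
    """exchanges: ordered (request headers, status, response headers) tuples
    for one client talking to one server/proxy. Returns a list of
    (index, header, reason, username) for Basic credentials sent too early."""
    offered = {name: set() for name in CHALLENGE_FOR}  # schemes challenged so far
    findings = []
    for index, (req, status, resp) in enumerate(exchanges):
        for name, value in parse_headers(req):
            scheme, _, token = value.partition(" ")
            if name not in CHALLENGE_FOR or scheme.lower() != "basic":
                continue
            if "basic" not in offered[name]:
                reason = "scheme-not-offered" if offered[name] else "unsolicited"
                # Basic is only base64, so the username is recoverable on the wire.
                user = base64.b64decode(token).decode("latin-1").partition(":")[0]
                findings.append((index, name, reason, user))
        for name, value in parse_headers(resp):
            for cred, (code, challenge) in CHALLENGE_FOR.items():
                # Assumes one challenge per header line (no comma-joined lists).
                if status == code and name == challenge and value:
                    offered[cred].add(value.split()[0].lower())
    return findings

# Constructed sample capture: a proxy that only offers NTLM, an origin that offers Basic.
TOKEN = base64.b64encode(b"alice:s3cret").decode()
SAMPLE = [
    ("Host: example.test\nProxy-Authorization: Basic " + TOKEN, 407, "Proxy-Authenticate: NTLM"),
    ("Host: example.test", 401, 'WWW-Authenticate: Basic realm="files"'),
    ("Authorization: Basic " + TOKEN + "\nProxy-Authorization: Basic " + TOKEN, 200, ""),
]
```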