On Tue, 4 Nov 2003, russm wrote: > On 04/11/2003, at 3:45 AM, Tom Jackson wrote: > > > Digest Auth seems pretty useless if it requires storing plain text > > passwords. That makes a big payoff for breaking into a webserver, > > database or whatever stores the passwords. > > that's ridiculous - if you can't secure your server enough to protect > the user passwords then you can't secure it enough to protect the > content protected by those passwords, and you're already up the > proverbial creek without a paddle.
The "put all the eggs in one basket, and WATCH THAT BASKET" philosophy? The crypto community soundly rejected Auth-Digest. Insulting someone's administration skills doesn't change that, and it doesn't make Digest look any better. -- AOLserver - http://www.aolserver.com/ To Remove yourself from this list, simply send an email to <[EMAIL PROTECTED]> with the body of "SIGNOFF AOLSERVER" in the email message. You can leave the Subject: field of your email blank.
