Digest authentication falls back to the default credentials (state.getCredentials(null)) when credentials for the specific realm aren't found, however basic authentication doesn't currently do that. This patch makes basic authentication behave like digest authentication.
There is the security issue of having the username and password sent in clear text without specifically saying to (normally it would be specified on a per realm basis so it would be known to be sent via clear text), however I think that's a little paranoid and it's better to behave consistently. Adrian Sutton, Software Engineer Ephox Corporation www.ephox.com ............................................................................ .......... EditLive! The world leader in browser-based web authoring tools: Desktop & Enterprise. ............................................................................ .......... This email and any files transmitted with it are confidential and intended solely for the use of the individual to whom they are addressed. Opinions contained in this email do not necessarily reflect the opinions of Ephox Corporation. If you have received this email in error please notify the sender immediately and delete all copies of the correspondence from your computer and/or computer network. No warranty is given that this message upon its receipt is virus free and the sender in this respect accepts no liability.
basic_default.patch
Description: Binary data
-- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
