Thanks felix!
Felix Lindner wrote:
> Hi,
>
> On Thu, 16 Mar 2006 09:48:07 -0500
> Simon Smith <[EMAIL PROTECTED]> wrote:
>
>> My first thought was on how to harden the
>> authentication because the basic auth didn't cut it for me. Thats what I
>> am looking for ideas for.
>>
>
> you may be looking for Digest Authentication:
> http://www.ietf.org/rfc/rfc2617.txt:
>
> "Like Basic, Digest access authentication verifies that both parties
> to a communication know a shared secret (a password); unlike Basic,
> this verification can be done without sending the password in the
> clear, which is Basic's biggest weakness. As with most other
> authentication protocols, the greatest sources of risks are usually
> found not in the core protocol itself but in policies and procedures
> surrounding its use."
>
> cheers
> FX
>
>
--
Regards,
Jackass
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
