Hugh Allen wrote: > * HTTP basic authentication > * Form-based authentication > * Client-certificate authentication
I had lumped HTTP Basic authentication together with FORM authentication, and meant both of them when I wrote about "HTTP authentication" in my last post. I was thinking that form based authentication was a kind of HTTP authentication, but I may be mistaken about that. Anyhow, form-based authentication is what I have recently found to have enough gotchas to drive me to look for better, maybe to write my own.
It appears that Form-based authentication, when combined with SSL, is flexible and does not expose passwords or messages in plain text.
I agree. It APPEARS decent. But how often is it actually used in serious work?
> ... This
is what I plan to use for my production environment, but I haven't gotten the SSL cert yet.
Based upon my limited experience, I warn you against form based authentication. The SSL part has worked without difficulty for me, however.
Thank you for the links.
Rich Hammer
_______________________________________________ Juglist mailing list [EMAIL PROTECTED] http://trijug.org/mailman/listinfo/juglist_trijug.org
