Andrew Milton wrote:
In Digest Auth the browser 'hashes' the username and password the user enters and simply
sends the hash. The webserver does the same and compares the hash to the
hash sent by the browser. If they match then you're allowed in.
In Basic Auth the username and password are sen
Ok, I'm likely mistaken on this. I'm checking on the source. However I agree that you wouldn't want Digest Auth over SSL anyway.
On 2/16/06, Andrew Milton <[EMAIL PROTECTED]> wrote:
+---[ michael nt milne ]--| No, I read that for digest authentication to work the authenticat
+---[ michael nt milne ]--
| No, I read that for digest authentication to work the authentication data
can't
| be encrypted. Therefore it seems perfect for implementing more security on
| non-SSL sites or sites that don't need SSL but need more security on logon.
This is b
No, I read that for digest authentication to work the authentication data can't be encrypted. Therefore it seems perfect for implementing more security on non-SSL sites or sites that don't need SSL but need more security on logon.
On 2/16/06, Chris Withers <[EMAIL PROTECTED]> wrote:
Hi All,Someth
Hi All,
Something from another thread which I forgot to ask about...
Can you really not use digest auth with an ssl connection?
cheers,
Chris
--
Simplistix - Content Management, Zope & Python Consulting
- http://www.simplistix.co.uk
___
Z