> Why is check_password() crippled? Are there corner cases where it breaks,
> or certain browsers that have problems?
Yes. Notably, MS Internet Explorer.
>
> Below from the wiki I cited earlier in the thread, with minor
> thread-centric changes, the wiki explains what goes in all of these fields.
> ========
--skip--
>
> So is that basically it?
> Thanks,
>
Yes. In fact, you can omit first request/response pair. Daemon can fill out
Authorization header in the very first request, using it's own-chosen cnonce
value. Usually this is a timestamp in hex format, and server checks that the
timestamp is close enough to the current time (crude check that client uses
server-supplied cnonce). But shttpd does not check for that, that is why it
is possible to to whole thing in a single request.
-------------------------------------------------------------------------
This SF.Net email is sponsored by the Moblin Your Move Developer's challenge
Build the coolest Linux based applications with Moblin SDK & win great prizes
Grand prize is a trip for two to an Open Source event anywhere in the world
http://moblin-contest.org/redirect.php?banner_id=100&url=/
_______________________________________________
shttpd-general mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shttpd-general
