"Diethelm Guallar, Gonzalo" wrote:
>
> > > (Like, possibly, why this is not the default mechanism, I'm guessing
> there
> > > is a good reason).
> >
> > Cause it is ugly to have the browser present a dialog people have to fill
> > out. People like websites with a nice form in it.
>
> Are there any advantages to using HTTP to authenticate?
Removing load from machines performing other application logic.
Assuming you have such a hardware configuration.
> I'm guessing maybe HTTP will encrypt the user/password
> combination, unlike a form, which will send the fields
> unencrypted. If this is the case, how good is the HTTP
> encryption?
I think it sends it in clear text or at most a trivial encoding.
>
> And any way, is this all moot when you switch to HTTPS?
Yes, as jon said the advantage to using a form over http authentication
is that people prefer the experience over a popup dialog. People who
hit the Cancel button are not greeted to a Not Authorized page as well,
though I am sure that can be configured better than many sites do.
John McNally
------------------------------------------------------------
To subscribe: [EMAIL PROTECTED]
To unsubscribe: [EMAIL PROTECTED]
Search: <http://www.mail-archive.com/turbine%40list.working-dogs.com/>
Problems?: [EMAIL PROTECTED]
