At 01:32 22/02/2001 +0000, you wrote:
>On Wed, Feb 21, 2001 at 02:10:59PM -0400, Diethelm Guallar, Gonzalo wrote:
> > > > (Like, possibly, why this is not the default mechanism, I'm guessing
> > there
> > > > is a good reason).
> > >
> > > Cause it is ugly to have the browser present a dialog people have to fill
> > > out. People like websites with a nice form in it.
> >
> > Are there any advantages to using HTTP to authenticate?
> > I'm guessing maybe HTTP will encrypt the user/password
> > combination, unlike a form, which will send the fields
> > unencrypted. If this is the case, how good is the HTTP
> > encryption?
>
>No, HTTP doesn't encrypt - no advantage.
Unless your webserver uses client certificate authentication for example... ;-)
HTTP Authorization is a pluggable mechanism and you can have very
nice secure authentication schemes using things like mod_ssl or single
sign-on products like SiteMinder.
Sure, it's usually possible to reimplement the same scheme with applicative
forms, but why do you want to reimplement this ?
IMO, Container level authentication is the way to go, the application should
only deal with authorization.
--
Raphaël Luta - [EMAIL PROTECTED]
Vivendi Universal Networks - Services Manager / Paris
------------------------------------------------------------
To subscribe: [EMAIL PROTECTED]
To unsubscribe: [EMAIL PROTECTED]
Search: <http://www.mail-archive.com/turbine%40list.working-dogs.com/>
Problems?: [EMAIL PROTECTED]
