Difference between revisions of "Talk:Server.pl"
From Organic Design wiki
(Later use MD5 instead of Base64) |
|||
Line 1: | Line 1: | ||
Currently HTTP authentication is just base64 encoded username:password which is basically just plain text, so the password can easily be discovered. | Currently HTTP authentication is just base64 encoded username:password which is basically just plain text, so the password can easily be discovered. | ||
*[http://frontier.userland.com/stories/storyReader$2159 Using MD5 with HTTP Authentication] | *[http://frontier.userland.com/stories/storyReader$2159 Using MD5 with HTTP Authentication] | ||
+ | *[http://greenbytes.de/tech/webdav/rfc2617.html RFC2617] | ||
+ | *[http://www.rassoc.com/gregr/weblog/stories/2002/07/09/webServicesSecurityHttpDigestAuthenticationWithoutActiveDirectory.html MS ActiveDirectory, but lots of MD5 header info] |
Revision as of 09:04, 12 February 2006
Currently HTTP authentication is just base64 encoded username:password which is basically just plain text, so the password can easily be discovered.