[4561] in WWW Security List Archive
Re: Basic Authentication
daemon@ATHENA.MIT.EDU (Christopher Petrilli)
Fri Feb 21 16:32:20 1997
Date: Fri, 21 Feb 1997 13:42:16 -0500
To: "Brian W. Spolarich" <briansp@ans.net>, Aaron Abelard <aarona@iquest.net>
From: petrilli@uol.com (Christopher Petrilli)
Cc: Jim Harmon <jim@telecnnct.com>, www-security@ns2.rutgers.edu
Errors-To: owner-www-security@ns2.rutgers.edu
At 03:34 PM 2/20/97 -0500, Brian W. Spolarich wrote:
>On Thu, 20 Feb 1997, Aaron Abelard wrote:
> There's support in HTTP/1.1 [RFC2068] for MD5-based digest
>authentication [RFC2069], which does not transmit the password in the
>clear. I'm not aware of any publicly-available servers and clients which
>do this, though. There's also the choice of doing Basic authentication
>over an SSL-encrypted session, which is safe from eavesdropping, and is
>currently implementable.
MD-5 (e.g. Digest Authentication) is supported in Apache 1.2, and in the
current release of NCSA Mosaic, but until Netscape and Microsoft support it
(and neither iwll COMMIT to it), it's really not very useful,
unfortunately. :/
Chris
--
| Christopher Petrilli http://www.uol.com
| petrilli@uol.com
