You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@httpd.apache.org by Brian Behlendorf <br...@wired.com> on 1995/03/23 22:51:28 UTC

Re: still more Digest Authentication comments (fwd)

More fodder for the code fiends.

For those not on the http-wg or www-talk mailing lists, a more secure
replacement for basic authentication was proposed using MD5 digests.  I
haven't had the time yet to install this or test it out, so caveat
programmor.  I won't have time over the next 4 or 5 days to play with this,
but if someone wants to look the code over and/or see how well this
integrates here it is.  I'll probably get to this next week, along with my
DBM patches (still waiting for the time to clean it up and do it right). 
There are still migration issues with this new method (like, how would
HotWired transition from basic authentication to digest authentication), and
it *is* experimental, though the proposal has been talked over pretty
thoroughly.  

	Brian	


---------- Forwarded message ----------
Date: Thu, 23 Mar 1995 15:35:50 -0600
From: Eric W. Sink <er...@spyglass.com>
To: Brian Behlendorf <br...@wired.com>
Subject: Re: still more Digest Authentication comments


My version of NCSA httpd_1.3R, with patches for Digest Authentication, may
be obtained from

http://www.spyglass.com/~eric/dist/httpd_digest.tar.Z


--
Eric W. Sink, Senior Software Engineer --  eric@spyglass.com

        http://www.spyglass.com/~eric/home.htm