> The NTLM over HTTP is fundamentally broken in its design and should
> never have seen the light. A classical "do it our way without regards
> to standards" invention by Microsoft.

Yes, NTLM is horribly broken - just like almost everything developed by
Microsoft. The only reason I recommend it is because of the single sign
on capability it offers, that both basic and digest do not offer.

> The exact same thing (automatic single sign on, without risking the
> user's private password) is fully possible to do with Digest MD5-sess
> authentication, and I wish browser and OS vendors would see the light
> and do so.

You're right - the integration shouldn't be too difficult either. There
would have to be some standard for the realm string (DNS domain name would
be a good pick), and the OS would have to store MD5(username:realm:password)
in its password database.

It's just an issue of getting the vendors to support it - the OS vendors
would have to support it first. AFAIK, even Linux doesn't support it.

What about wrapping basic auth in SSL?

Adam
Received on Fri Jul 11 2003 - 06:26:34 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:17:56 MST
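
The scheme discussed in this message, sketched as an added example that is not part of the original post or of any vendor's code: both sides hold only MD5(username:realm:password), and Digest MD5-sess derives a per-session key from it and the two nonces. The function names, the realm "example.test" and the credentials are constructed for illustration, and the hex form of H() in A1 is assumed, as RFC 7616 defines it.

```python
import hashlib
import hmac
import secrets


def md5_hex(data: str) -> str:
    return hashlib.md5(data.encode("utf-8")).hexdigest()


def stored_secret(username: str, realm: str, password: str) -> str:
    """What the password database would hold: MD5(username:realm:password).
    Caveat: this value is password-equivalent for the realm, so it needs the
    same protection as the password itself."""
    return md5_hex(f"{username}:{realm}:{password}")


def session_key(stored: str, nonce: str, cnonce: str) -> str:
    """MD5-sess H(A1): computed once per session from the stored hash and both
    nonces, so the plaintext password is never needed after logon."""
    return md5_hex(f"{stored}:{nonce}:{cnonce}")


def digest_response(ha1: str, method: str, uri: str, nonce: str,
                    nc: str, cnonce: str, qop: str = "auth") -> str:
    """request-digest for qop=auth: H(H(A1):nonce:nc:cnonce:qop:H(A2))."""
    ha2 = md5_hex(f"{method}:{uri}")
    return md5_hex(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")


def server_verify(stored: str, method: str, uri: str, nonce: str,
                  nc: str, cnonce: str, response: str) -> bool:
    """Server recomputes the response from its own stored hash and compares
    in constant time."""
    ha1 = session_key(stored, nonce, cnonce)
    expected = digest_response(ha1, method, uri, nonce, nc, cnonce)
    return hmac.compare_digest(expected, response)


def demo() -> bool:
    realm = "example.test"  # constructed; the message suggests the DNS domain name
    server_db = stored_secret("adam", realm, "correct horse")  # set at enrolment
    logon_cache = stored_secret("adam", realm, "correct horse")  # cached at OS logon
    nonce = secrets.token_hex(16)   # issued by the server in the 401 challenge
    cnonce = secrets.token_hex(8)   # chosen by the client
    ha1 = session_key(logon_cache, nonce, cnonce)
    resp = digest_response(ha1, "GET", "/index.html", nonce, "00000001", cnonce)
    return server_verify(server_db, "GET", "/index.html", nonce, "00000001", cnonce, resp)
```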