commons-dev mailing list archives

From "Adrian Sutton" <adrian.sut...@ephox.com>
Subject [HttpClient][PATCH] Basic Authentication does not use default credentials
Date Wed, 25 Sep 2002 04:58:57 GMT

Digest authentication falls back to the default credentials
(state.getCredentials(null)) when credentials for the specific realm aren't
found, however basic authentication doesn't currently do that.  This patch
makes basic authentication behave like digest authentication.

There is the security issue of having the username and password sent in
clear text without specifically saying to (normally it would be specified on
a per realm basis so it would be known to be sent via clear text), however I
think that's a little paranoid and it's better to behave consistently.

Adrian Sutton, Software Engineer
Ephox Corporation
www.ephox.com
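
The behaviour discussed in this message, as an added example that is not part of the original post or of HttpClient's code: a self-contained Java model of a per-realm credential lookup with the default-credentials fallback, showing what a Basic header built from the default credentials exposes over plain HTTP. The class and method names, the realm names, the credentials and the TLS-only `lookupGuarded` variant are all assumptions made for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.HashMap;
import java.util.Map;

// Hypothetical model of a per-realm credential store; not HttpClient's classes.
public class BasicFallbackDemo {
    // Realm -> "user:password"; the null key holds the default credentials,
    // mirroring the state.getCredentials(null) lookup named in the message.
    private final Map<String, String> creds = new HashMap<>();

    void setCredentials(String realm, String userPass) { creds.put(realm, userPass); }

    // Lookup with the fallback the patch proposes for Basic.
    String lookupWithFallback(String realm) {
        String c = creds.get(realm);
        return c != null ? c : creds.get(null);
    }

    // Stricter variant (an assumption, not in the patch): the default is
    // released to an unconfigured realm only when the connection is TLS.
    String lookupGuarded(String realm, boolean secure) {
        String c = creds.get(realm);
        if (c != null) return c;
        return secure ? creds.get(null) : null;
    }

    // Basic sends base64("user:password"): an encoding, not encryption.
    static String basicHeader(String userPass) {
        if (userPass == null) return null; // no credentials: send no header
        return "Basic " + Base64.getEncoder()
                .encodeToString(userPass.getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) {
        BasicFallbackDemo state = new BasicFallbackDemo();
        state.setCredentials("intranet", "alice:realm-secret");   // constructed
        state.setCredentials(null, "alice:default-secret");       // constructed
        String realm = "unexpected-realm"; // realm from a 401 challenge, constructed
        String header = basicHeader(state.lookupWithFallback(realm));
        System.out.println("fallback, plain HTTP : " + header);
        // Anyone on the path recovers the password by decoding the header.
        String decoded = new String(Base64.getDecoder()
                .decode(header.substring("Basic ".length())), StandardCharsets.UTF_8);
        System.out.println("decoded on the wire  : " + decoded);
        System.out.println("guarded, plain HTTP  : " + basicHeader(state.lookupGuarded(realm, false)));
        System.out.println("guarded, TLS         : " + basicHeader(state.lookupGuarded(realm, true)));
    }
}
```

Digest authentication sends a hashed response rather than the password itself, which is why the same fallback carries less exposure there than it does for Basic.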
