httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ben Laurie <...@gonzo.ben.algroup.co.uk>
Subject Re: Apache Server (fwd)
Date Fri, 21 Mar 1997 10:00:18 GMT
Rob Hartill wrote:
> Date: Thu, 20 Mar 1997 12:04:29 -0500
> From: John Taylor <john@verdi.cviog.uga.edu>
> To: apache-bugs@apache.org
> Subject: Apache Server
> 
> I know this must be a FAQ, but I have not found the answer anywhere...
> And I posted my question to comp.infosystems.www.servers.unix and never got
> a reply.
> 
> If I decide to use Apache 1.1.3 (I'd upgrade to 1.2.x if the functionality I
> need is there), and Netscape Navigator 3.01 as my client, is it possible to
> use MD5 mod_digest for authentication for this client/server combo?  I keep
> getting an error about the client using the wrong authentication type. 
> Also, does anyone have a list of supported clients for this module? Possibly
> MS Explorer?
> 
> Also, I am assuming that (most) MD5 clients would encrypt the password
> before they transmit it over the network.  I am trying to use an
> authentication method (w/ Apache) that does not send clear text or uuencoded
> passwords over the network.

Firstly, I don't think either MSIE or NN support digest authentication, and
secondly, Apache's digest authentication is not secure - it makes no attempt
to validate the cookie, and is therefore susceptible to a replay attack. It is
supplied purely for experimental purposes.

Cheers,

Ben.

-- 
Ben Laurie                Phone: +44 (181) 994 6435  Email: ben@algroup.co.uk
Freelance Consultant and  Fax:   +44 (181) 994 6472
Technical Director        URL: http://www.algroup.co.uk/Apache-SSL
A.L. Digital Ltd,         Apache Group member (http://www.apache.org)
London, England.          Apache-SSL author

Mime
View raw message