httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Marc Slemko <>
Subject Communicator 4.04 little bug (fwd)
Date Mon, 08 Dec 1997 17:03:04 GMT

---------- Forwarded message ----------
Date: Sun, 7 Dec 1997 18:34:30 +0000
From: Kenobi <kenobi@PULHAS.ORG>
Subject: Communicator 4.04 little bug


i was testing some stuff with Digest Authentication and notice this little
problem with Communicator 4.04 (Tested on Linux and NT). IE3.02 (the only
available around here) does not experience this problem.

Apparently Communicator does not suport Digest Auth but it still accepts
the challenge. After the user enter his username and password, Communicator
sends it to the server but obfuscated with Basic.

Now, if you set up a site protected with Digest, you would expect the
password not to travel plaintext (basic is plaintext) on the network, but
that is what happens.

the correct procedure would be to fail right there when he receives the
WWW-Authenticate: Digest header, like IE does.

Kenobi, JAPH BOFH Not-Eng
 -- I dunno, I dream in Perl, sometimes -- LWall

View raw message