httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Alexei Kosut <ako...@leland.Stanford.EDU>
Subject Re: Communicator 4.04 little bug (fwd)
Date Mon, 08 Dec 1997 21:29:54 GMT
On Mon, 8 Dec 1997, Marc Slemko wrote:

> Sigh.

Yeah. Netscape has done this since as long as I can remember. When I wrote
mod_digest, I beleive I tested it with Navigator 1.0 and 1.1, and got this
behavior. I sent them a bug report at the time...

Cute, isn' it?

> ---------- Forwarded message ----------
> Date: Sun, 7 Dec 1997 18:34:30 +0000
> From: Kenobi <kenobi@PULHAS.ORG>
> To: BUGTRAQ@NETSPACE.ORG
> Subject: Communicator 4.04 little bug
> 
> hi!
> 
> i was testing some stuff with Digest Authentication and notice this little
> problem with Communicator 4.04 (Tested on Linux and NT). IE3.02 (the only
> available around here) does not experience this problem.
> 
> Apparently Communicator does not suport Digest Auth but it still accepts
> the challenge. After the user enter his username and password, Communicator
> sends it to the server but obfuscated with Basic.
> 
> Now, if you set up a site protected with Digest, you would expect the
> password not to travel plaintext (basic is plaintext) on the network, but
> that is what happens.
> 
> the correct procedure would be to fail right there when he receives the
> WWW-Authenticate: Digest header, like IE does.
> 
> --
> Kenobi, JAPH BOFH Not-Eng
> http://www.pulhas.org/~kenobi/
> kenobi@pulhas.org
>  -- I dunno, I dream in Perl, sometimes -- LWall
> 
> 

-- Alexei Kosut <akosut@stanford.edu> <http://www.stanford.edu/~akosut/>
   Stanford University, Class of 2001 * Apache <http://www.apache.org> *



Mime
View raw message