IPP> Re: PRO - Issue 32: Use of Basic & Digest Authentication

Michael Sweet mike at easysw.com
Tue Apr 13 13:40:07 EDT 1999


Paul Leach wrote:
> ...
> True, but so does the client. It can (and should be able to be)
> configured with the lowest level of security it will accept, and if
> the server only offers less secure protocols than that, it refuses
> to connect.

This isn't really a negotiation, tho.  The client can't change what
the server wants, and vice versa...

> BTW: there is advantage to running Digest (instead of Basic), even
> with the weakest options, inside of TLS. Basic exposes your password
> to the server, whereas Digest server can store hashes of passwords
> that are realm specific, and so use of the same password in multiple
> realms isn't as big an exposure.
> ...

I agree that there are a lot of benefits with using Digest, but to
interface to an existing non-MD5-based authorization system you need
to use Basic so you have the original password text to work with.

-- 
______________________________________________________________________
Michael Sweet, Easy Software Products                  mike at easysw.com
Printing Software for UNIX                       http://www.easysw.com
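
Added example, not part of the original message: the two points made in this exchange, shown side by side. A Digest server can verify a response from a stored realm-specific hash alone, while a back end that keeps only a non-MD5 hash needs the cleartext that Basic delivers. Assumptions: the no-qop response form from RFC 2069, PBKDF2-HMAC-SHA256 standing in for the "existing non-MD5-based authorization system", and constructed user, realm, nonce and URI values.

```python
import base64
import hashlib
import hmac

def md5_hex(text):
    return hashlib.md5(text.encode()).hexdigest()

def digest_ha1(user, realm, password):
    # What a Digest server stores: MD5(user:realm:password), bound to one realm.
    return md5_hex(f"{user}:{realm}:{password}")

def digest_response(ha1, nonce, method, uri):
    # RFC 2069 form (no qop): MD5(HA1:nonce:MD5(method:uri)).
    return md5_hex(f"{ha1}:{nonce}:{md5_hex(f'{method}:{uri}')}")

def verify_digest(stored_ha1, nonce, method, uri, response):
    # The server never sees the password; it recomputes from the stored hash.
    expected = digest_response(stored_ha1, nonce, method, uri)
    return hmac.compare_digest(expected, response)

def legacy_hash(password, salt):
    # Assumed stand-in for an existing non-MD5 password store.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 10000)

def basic_header(user, password):
    # Value of the Authorization header a Basic client sends.
    return "Basic " + base64.b64encode(f"{user}:{password}".encode()).decode()

def verify_basic(header_value, legacy_db):
    # Basic hands the server the cleartext, so any hashing scheme can be
    # applied to it; this is why it interoperates with the legacy store.
    scheme, _, b64 = header_value.partition(" ")
    if scheme.lower() != "basic":
        return False
    try:
        decoded = base64.b64decode(b64, validate=True).decode()
    except ValueError:  # covers malformed base64 and non-UTF-8 bytes
        return False
    user, sep, password = decoded.partition(":")
    entry = legacy_db.get(user)
    if not sep or entry is None:
        return False
    salt, stored = entry
    return hmac.compare_digest(legacy_hash(password, salt), stored)
```

The legacy store holds nothing from which MD5(user:realm:password) can be derived, so it cannot check a Digest response; conversely, the Digest store's hash for one realm does not verify a response computed for another.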


