Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: HTTP AUTH BASIC monowall.

From: Felix Lindner <fx () sabre-labs com>
Date: Thu, 16 Mar 2006 15:58:04 +0100
Hi,

On Thu, 16 Mar 2006 09:48:07 -0500
Simon Smith <simon () snosoft com> wrote:

My first thought was on how to harden the
authentication because the basic auth didn't cut it for me. Thats what I
am looking for ideas for.


you may be looking for Digest Authentication:
http://www.ietf.org/rfc/rfc2617.txt:

   "Like Basic, Digest access authentication verifies that both parties
   to a communication know a shared secret (a password); unlike Basic,
   this verification can be done without sending the password in the
   clear, which is Basic's biggest weakness. As with most other
   authentication protocols, the greatest sources of risks are usually
   found not in the core protocol itself but in policies and procedures
   surrounding its use."

cheers
FX

-- 
SABRE Labs                 | Felix 'FX' Lindner <fx () sabre-labs com> 
http://www.sabre-labs.com  | +49 171 7402062
                           | A740 DE51 9891 19DF 0D05  
                           | 13B3 1759 C388 C92D 6BBB

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Previous By Date Next
Previous By Thread Next

Current thread: