Full Disclosure mailing list archives

Re: HTTP AUTH BASIC monowall.


From: "Gary E. Miller" <gem () rellim com>
Date: Thu, 16 Mar 2006 09:09:58 -0800 (PST)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Yo Simon!

On Thu, 16 Mar 2006, Simon Smith wrote:

> Encoding a username and password combination using base64 is not
> secure, but, I understand why it is encoded in base64. Having said that,
> I am trying to discover/create an alternate method for authentication
> that is secure even if the SSL pipe is compromised.

If you do not like HTTP AUTH in SSL then why not just step up to HTTP
AUTH DIGEST?

http://httpd.apache.org/docs/2.2/mod/mod_auth_digest.html

RGDS
GARY
- ---------------------------------------------------------------------------
Gary E. Miller Rellim 20340 Empire Blvd, Suite E-3, Bend, OR 97701
        gem () rellim com  Tel:+1(541)382-8588

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.1 (GNU/Linux)

iD8DBQFEGZvp8KZibdeR3qURAu3+AKD3GWCYBGSSKTDPtrEyWFXsb4AnvACgoPbS
Zosdi9zPVZO25tsl8nGsRkM=
=8/g1
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

