Full Disclosure mailing list archives
Re: HTTP AUTH BASIC monowall.
From: "Gary E. Miller" <gem () rellim com>
Date: Thu, 16 Mar 2006 09:09:58 -0800 (PST)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Yo Simon! On Thu, 16 Mar 2006, Simon Smith wrote:
Encoding a username and password combination using base64 is not secure, but, I understand why it is encoded in base64. Having said that, I am trying to discover/create an alternate method for authentication that is secure even if the SSL pipe is compromised.
If you do not like HTTP AUTH in SSL then why not just step up to HTTP AUTH DIGEST? http://httpd.apache.org/docs/2.2/mod/mod_auth_digest.html RGDS GARY - --------------------------------------------------------------------------- Gary E. Miller Rellim 20340 Empire Blvd, Suite E-3, Bend, OR 97701 gem () rellim com Tel:+1(541)382-8588 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2.1 (GNU/Linux) iD8DBQFEGZvp8KZibdeR3qURAu3+AKD3GWCYBGSSKTDPtrEyWFXsb4AnvACgoPbS Zosdi9zPVZO25tsl8nGsRkM= =8/g1 -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Re: HTTP AUTH BASIC monowall., (continued)
- Re: HTTP AUTH BASIC monowall. gboyce (Mar 15)
- Re: HTTP AUTH BASIC monowall. Simon Smith (Mar 15)
- Re: HTTP AUTH BASIC monowall. Valdis . Kletnieks (Mar 15)
- Re: HTTP AUTH BASIC monowall. Michael Holstein (Mar 15)
- Re: HTTP AUTH BASIC monowall. Andrew Simmons (Mar 17)
- Re: HTTP AUTH BASIC monowall. Simon Smith (Mar 16)
- Re: HTTP AUTH BASIC monowall. Michael Holstein (Mar 16)
- Re: HTTP AUTH BASIC monowall. Simon Smith (Mar 16)
- Re: HTTP AUTH BASIC monowall. Mike Owen (Mar 16)
- Re: HTTP AUTH BASIC monowall. Simon Smith (Mar 17)
- Re: HTTP AUTH BASIC monowall. Gary E. Miller (Mar 16)
- Re: HTTP AUTH BASIC monowall. Simon Smith (Mar 16)
- Re: HTTP AUTH BASIC monowall. Jeremy Bishop (Mar 16)
- Re: HTTP AUTH BASIC monowall. Simon Smith (Mar 16)
- Re: HTTP AUTH BASIC monowall. Nick FitzGerald (Mar 16)
- Re: HTTP AUTH BASIC monowall. Felix Lindner (Mar 17)
- Re: HTTP AUTH BASIC monowall. Brian Eaton (Mar 17)
- Re: HTTP AUTH BASIC monowall. Simon Smith (Mar 17)
- Re: HTTP AUTH BASIC monowall. Jason (Mar 17)
- Re: HTTP AUTH BASIC monowall. Mark Coleman (Mar 16)
- Re: HTTP AUTH BASIC monowall. Simon Smith (Mar 16)