[whatwg] Re: Web form and HTTP authentication
ian at hixie.ch
Fri Dec 3 13:32:55 PST 2004
On Mon, 8 Nov 2004, Aaron Swartz wrote:
> My thinking was that the server would simply support both -- Digest
> Auth for WF2 UAs and standard insecure POST/cookie auth for old UAs.
> This would take a little extra coding but hardly seems insurmountable.
Digest Auth is insecure; the point of using HTTP auth for login instead of
cookies wouldn't be to increase security, it would be to put the
authentication information at the appropriate level. IMHO if we required
authors to implement both HTTP auth and POST/cookie auth, they'd only do
one, not both. There wouldn't be any advantage to doing both, really.
Ian Hickson U+1047E )\._.,--....,'``. fL
http://ln.hixie.ch/ U+263A /, _.. \ _\ ;`._ ,.
Things that are impossible just take longer. `._.-(,_..'--(,_..'`-.;.'
More information about the whatwg