[mod_python] Authentication behaviour

David Fraser davidf at sjsoft.com
Thu Aug 7 08:21:48 EST 2003

Mike Looijmans wrote:

>Note that (unless the "Digest" authentication algorithm is used) the "Basic"
>HTTP authentication is highly insecure and therefore you should never ever
>use unix account data for this. Digest is only supported by IE and probably
>the newer Mozilla's (haven't tried those, NS 6 did not support it).

Mozilla has supported Digest authentication since December 2001 (see 
Netscape 6 was released in December 2000 so doesn't include it; Mozilla 
0.9.7 or higher and Netscape 7.0 or higher should include it.
However, note this article about incompatibilities with at least some 
versions of IE and Apache:
I think I've seen problems from this, so I would concur with the advice 
about using session cookies if possible.

>I prefer using session cookies for authentication, since that is (if
>implemented properly) more secure and allows the user to log out.