David Fraser
davidf at sjsoft.com
Thu Aug 7 08:21:48 EST 2003
Mike Looijmans wrote:

>Note that (unless the "Digest" authentication algorithm is used) the "Basic"
>HTTP authentication is highly insecure and therefore you should never ever
>use unix account data for this. Digest is only supported by IE and probably
>the newer Mozilla's (haven't tried those, NS 6 did not support it).

Mozilla supported Digest authentication since December 2001 (see http://bugzilla.mozilla.org/show_bug.cgi?id=15860)
Netscape 6 was released in December 2000 so doesn't include it; Mozilla 0.9.7 or higher and Netscape 7.0 or higher should include it.

However, note this article about incompatibilities with at least some versions of IE and Apache:
http://www.eweek.com/print_article/0,3668,a%3D24177,00.asp

I think I've seen problems from this, so I would concur with the advice about using session cookies if possible.

David

>I prefer using session cookies for authentication, since that is (if
>implemented properly) more secure and allows the user to log out.
>
>Mike.