[mod_python] Authentication behaviour

David Fraser davidf at sjsoft.com
Thu Aug 7 08:21:48 EST 2003


Mike Looijmans wrote:

>Note that (unless the "Digest" authentication algorithm is used) the "Basic"
>HTTP authentication is highly insecure and therefore you should never ever
>use unix account data for this. Digest is only supported by IE and probably
>the newer Mozillas (haven't tried those, NS 6 did not support it).
>  
>
Mozilla has supported Digest authentication since December 2001 (see
http://bugzilla.mozilla.org/show_bug.cgi?id=15860).
Netscape 6 was released in December 2000 so doesn't include it; Mozilla 
0.9.7 or higher and Netscape 7.0 or higher should include it.
However, note this article about incompatibilities with at least some 
versions of IE and Apache:
http://www.eweek.com/print_article/0,3668,a%3D24177,00.asp
I think I've seen problems from this, so I would concur with the advice 
about using session cookies if possible.
David

>I prefer using session cookies for authentication, since that is (if
>implemented properly) more secure and allows the user to log out.
>
>Mike.
>  
>



