


   RE: [xml-dev] Re: Cookies at XML Europe 2004 -- Call for Particip ati


At 11:32 PM -0500 1/5/04, Rich Salz wrote:

>Then my requirement of limited exposure isn't met.  Even worse, if *any*
>packet is stolen, then my password is exposed.  The only way to prevent
>this is to use SSL for all traffic, which is not always a feasible,
>or even reasonable, trade-off.

What you state is only true for the basic authentication scheme. 
Modern browsers and servers support digest authentication which 
securely transmits an encrypted password even over a plain HTTP 
connection. Only the password need be encrypted if the rest of the 
data isn't sensitive, so unnecessary cost is paid. This is described 
in RFC 2617 ftp://ftp.isi.edu/in-notes/rfc2617.txt

   Elliotte Rusty Harold
   Effective XML (Addison-Wesley, 2003)
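
An added example, not part of the original message: what Basic and Digest authentication each put on the wire, computed with the sample values from RFC 2617 section 3.5. Function names are illustrative; the Digest value sent is an MD5 hash bound to the server's nonce, while the Basic value is base64 that any observer can decode.

```python
import base64
import hashlib

# Sample values from the worked example in RFC 2617 section 3.5.
RFC_EXAMPLE = dict(
    username="Mufasa", realm="testrealm@host.com", password="Circle Of Life",
    method="GET", uri="/dir/index.html",
    nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093",
    nc="00000001", cnonce="0a4f113b",
)

def md5_hex(text: str) -> str:
    return hashlib.md5(text.encode("utf-8")).hexdigest()

def basic_header(username: str, password: str) -> str:
    """Authorization value for Basic: base64 of 'user:password'."""
    token = base64.b64encode(f"{username}:{password}".encode()).decode("ascii")
    return f"Basic {token}"

def recover_from_basic(header: str) -> tuple:
    """What a captured Basic header yields: the credentials themselves."""
    token = header.split(" ", 1)[1]
    user, _, password = base64.b64decode(token).decode().partition(":")
    return user, password

def digest_response(username, realm, password, method, uri,
                    nonce, nc, cnonce, qop="auth") -> str:
    """RFC 2617 request-digest for qop=auth (MD5 algorithm)."""
    ha1 = md5_hex(f"{username}:{realm}:{password}")   # secret-derived part
    ha2 = md5_hex(f"{method}:{uri}")                  # request-derived part
    return md5_hex(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")

if __name__ == "__main__":
    basic = basic_header(RFC_EXAMPLE["username"], RFC_EXAMPLE["password"])
    print("Basic on the wire: ", basic)
    print("Decoded by observer:", recover_from_basic(basic))
    print("Digest response:    ", digest_response(**RFC_EXAMPLE))
    # A fresh server nonce changes the response, so a captured value
    # cannot simply be replayed against a new challenge.
    fresh = dict(RFC_EXAMPLE, nonce="0" * 32)  # constructed nonce
    print("With a new nonce:   ", digest_response(**fresh))
```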



Copyright 2001 XML.org. This site is hosted by OASIS