[Lispweb] Araneida basic versus digest authentication
Kamen TOMOV
kamen at evrocom.net
Fri Mar 24 11:07:04 CST 2006
On Thu, Mar 23 2006, Jonathon McKitrick wrote:
> I've been able to use the make-basic-authentication-handler function without a
> problem. But how can I switch this from basic to digest type authentication?
I don't know about Araneida :-(
> Isn't basic considered much less secure?
The Basic authentication is not secure because the credentials are
passed in the request and can be stollen. The Digest auth is
considered secure as the credentials are not send. Instead a checksum
of a server supplied nonce value with the credentials is sent and the
server compares it with its calculation. An additional security can be
achieved by providing encryption on the transport layer (SSL).
HTH,
--
Kamen TOMOV
More information about the lispweb
mailing list