zope zserver support for Digest authentication
Michael Ströder
michael at stroeder.com
Sat Jan 12 11:45:47 EST 2002
Paul Rubin wrote:
>
> Michael Ströder <michael at stroeder.com> writes:
> > > Does anyone know if zope zserver does support this, or does everyone
> > > just deploy zope under Apache?
> >
> > The more interesting question might be which HTTP clients support
> > Digest auth. and how secure a clear-text password DB is.
>
> A lot of browsers still don't support digest auth, so it's unadvisable
> for servers to depend on it.
The only one I know is recent Mozilla.
> Digest auth was a worthwhile idea for
> about 5 minutes, before there were free SSL servers and fast enough
> computers to not get strained by SSL session negotiation. These days,
> it's preferable to use HTTPS instead of HTTP if you need security.
Especially since you need clear-text passwords at the server's
side to implement Digest Auth. (Yuck!)
Ciao, Michael.
More information about the Python-list
mailing list