Closed
Bug 168942
Opened 22 years ago
Closed 8 years ago
Digest authentication with integrity protection
Categories
(Core :: Networking, enhancement)
Core
Networking
Tracking
()
RESOLVED
WONTFIX
People
(Reporter: emanuel.abb, Unassigned)
Details
(Keywords: helpwanted, Whiteboard: [digest-auth])
Mozilla supports digest authentication as a replacement for basic in HTTP/1.1. Unfortunately, it doesn't support it completely as described in RFC2617, that is, it doesn't implement integrity protection yet (qop=auth-int, includes a hash of the body as well as the password/username to prevent the page transmitted from being tempered with). It would really be useful if implemented, as I can't use SSL for performance problems (embedded web server). I'm sure a lot of people would benefit from the security increase it provides! PS : The neon library (http://www.webdav.org/neon/) supports that all right, and is free software as well!
Updated•22 years ago
|
Status: UNCONFIRMED → ASSIGNED
Ever confirmed: true
Whiteboard: [digest-auth]
Target Milestone: --- → Future
Comment 1•22 years ago
|
||
not sure when this'll get fixed... future for now.
Comment 4•18 years ago
|
||
-> default owner
Assignee: darin → nobody
Status: ASSIGNED → NEW
Component: Networking: HTTP → Networking
QA Contact: networking.http → networking
Target Milestone: Future → ---
Updated•8 years ago
|
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → WONTFIX
You need to log in
before you can comment on or make changes to this bug.
Description
•