Passwords (cont)
HTTP 'Basic authentication'
Form-based authentication
- send unencrypted passwords in the clear
- THIS can be resolved with https:
- but we've already said https: can be overkill
HTTP 'Digest authentication' resolves many problems, but has others of its own
Notes:
Passwords must not be divulged
In this day and age, plain text password protocols really are not good enough
Digest auth uses the same (or almost the same) dialogue boxes as basic – how is a user to tell?