[Twisted-Python] Something strange about cred

Phil Mayers p.mayers at imperial.ac.uk
Fri Feb 9 04:24:29 MST 2007


David Reid wrote:
> 
>> Death to HTTP digest authentication!
> 
> I don't know, I definitely prefer digest authentication[1] to sending
> my password in plaintext[2]

+1

web2 auth is a much better architecture.

I only spent a few hours looking at it (primarily looking at how Apples 
CalDAV server implemented SPNEGO - very neat) but it seemed to me that 
it could issue multiple WWW-Authenticate headers and the browser should 
pick and reply to the appropriate one.

Was my understanding correct? If so, why did the digest checker cause this?




More information about the Twisted-Python mailing list