[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Encrypted Passwords

To: openldap-software@OpenLDAP.org
Subject: Re: Encrypted Passwords
From: Julio Sanchez Fernandez <j_sanchez@stl.es>
Date: 19 Nov 2001 17:53:50 +0100
In-reply-to: <3BF54F4C.55CD6711@stroeder.com>
References: <3BF52830.64D1F1C0@ameritech.net> <20011116101304.C32266@usa.net> <3BF53808.BECA4955@ix.netcom.com> <3BF54F4C.55CD6711@stroeder.com>
User-agent: Gnus/5.09 (Gnus v5.9.0) Emacs/21.1

Michael Ströder <michael@stroeder.com> writes:

> Thomas Gagne wrote:
> > 
> > When you do basic authentication on a web server, the password arrives in the
> > CGI script encrypted.
> 
> No, unless the web server and the client are doing digest
> authentication which is very unlikely.

IIRC, it travels base64-encoded in the request header, but is
otherwise in the clear.

Julio

References:
- Encrypted Passwords
  - From: Thomas Gagne <tgagne@ameritech.net>
- Re: Encrypted Passwords
  - From: Peter W <peterw@usa.net>
- Re: Encrypted Passwords
  - From: Thomas Gagne <tgagne@ix.netcom.com>
- Re: Encrypted Passwords
  - From: Michael Ströder <michael@stroeder.com>

Prev by Date: Re: indexing createTimestamp
Next by Date: Re: LDAP API to get the search base
Index(es):
- Chronological
- Thread