Re: potential security holes in digest authorization
Albert Lunde (Albert-Lunde@nwu.edu)
Mon, 17 Jul 1995 10:30:13 -0500
At 10:17 AM 7/17/95, dmk@allegra.att.com wrote:
>Fair enough. How about using the server-name in place of realm, then?
>(After all, it's possible two webmasters might choose the same realm
>name on different servers, isn't it!) That would render the same
>username/password combination unique on different machines. So the
>stored hash would be:
> H(<username> : <server-domain-name> : <password>)
It may not be obvious to a client which of several CNAMEs for a particular
server should be used (this relates to the vanity-names/URL issue).
---
Albert Lunde Albert-Lunde@nwu.edu
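
An added example, not part of the original message: it contrasts the realm-scoped stored hash with the proposed H(username : server-domain-name : password) and shows the CNAME problem raised in the reply. The hash function (SHA-256 as a stand-in for H), the host names, realm and credentials are all assumptions constructed for illustration.

```python
import hashlib
import hmac

def H(*fields: str) -> str:
    # Stand-in for the thread's H(); SHA-256 is an assumption, the message names no hash.
    return hashlib.sha256(":".join(fields).encode("utf-8")).hexdigest()

def normalize_host(name: str) -> str:
    # DNS names are case-insensitive and may carry a trailing dot.
    return name.rstrip(".").lower()

def realm_scoped(username: str, realm: str, password: str) -> str:
    return H(username, realm, password)

def server_scoped(username: str, host: str, password: str) -> str:
    return H(username, normalize_host(host), password)

def client_matches(record: str, username: str, host_used: str, password: str) -> bool:
    # Server-side check: does the value the client derived equal the stored one?
    return hmac.compare_digest(record, server_scoped(username, host_used, password))

# Constructed sample values.
USER, PASSWORD, REALM = "alice", "correct horse", "Members"
SERVER_A = "www.example.edu"        # name server A stored its hashes under
SERVER_A_ALIAS = "web.example.edu"  # CNAME for the same machine
SERVER_B = "www.example.org"        # unrelated server that picked the same realm name

def demo() -> dict:
    by_realm = {s: realm_scoped(USER, REALM, PASSWORD) for s in (SERVER_A, SERVER_B)}
    by_server = {s: server_scoped(USER, s, PASSWORD) for s in (SERVER_A, SERVER_B)}
    record_a = by_server[SERVER_A]
    return {
        # Same realm on two servers: identical stored value on both.
        "realm_records_identical": len(set(by_realm.values())) == 1,
        # Server name in the hash: the two stored values differ.
        "server_records_identical": len(set(by_server.values())) == 1,
        # Client that used the name the server stored under: accepted.
        "canonical_name_accepted": client_matches(record_a, USER, "WWW.Example.EDU.", PASSWORD),
        # Client that reached the same machine through its CNAME: rejected,
        # although username and password are correct.
        "alias_accepted": client_matches(record_a, USER, SERVER_A_ALIAS, PASSWORD),
    }

if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check}: {result}")
```

Case and trailing-dot normalization removes spelling differences of one name, but it cannot map an alias to the name the server stored its hashes under.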