Brad Fitzpatrick (brad) wrote,
Brad Fitzpatrick
brad

RFC 2617

Earlier today I read through RFC 2617 (HTTP Digest Access Authentication) and was pretty impressed by a number of parts about it, particularly how the server can reply that the nonce value is stale and the client will reply without prompting the user for the password again. That was one of the things that'd always bothered me about HTTP-based challenge-response in the past, but I just hadn't taken the time to more than skim the RFC before.

But .... I wonder if this spec is implemented properly in enough common browsers. Does anybody know?

I could do some really cool shit with this, but I don't want to waste my time if it's going to only 80% work in 95% of browsers. Or, I could just go all 1995 and put up "This site best view with Netscape 12.0!" all over my sites.

Update: *sigh*... not perfectly with Mozilla.
Subscribe
  • Post a new comment

    Error

    default userpic

    Your reply will be screened

    Your IP address will be recorded 

    When you submit the form an invisible reCAPTCHA check will be performed.
    You must follow the Privacy Policy and Google Terms of use.
  • 2 comments