?

Log in

No account? Create an account
RFC 2617 - brad's life — LiveJournal [entries|archive|friends|userinfo]
Brad Fitzpatrick

[ website | bradfitz.com ]
[ userinfo | livejournal userinfo ]
[ archive | journal archive ]

RFC 2617 [Jun. 9th, 2002|12:29 am]
Brad Fitzpatrick
Earlier today I read through RFC 2617 (HTTP Digest Access Authentication) and was pretty impressed by a number of parts about it, particularly how the server can reply that the nonce value is stale and the client will reply without prompting the user for the password again. That was one of the things that'd always bothered me about HTTP-based challenge-response in the past, but I just hadn't taken the time to more than skim the RFC before.

But .... I wonder if this spec is implemented properly in enough common browsers. Does anybody know?

I could do some really cool shit with this, but I don't want to waste my time if it's going to only 80% work in 95% of browsers. Or, I could just go all 1995 and put up "This site best view with Netscape 12.0!" all over my sites.

Update: *sigh*... not perfectly with Mozilla.
LinkReply

Comments:
[User Picture]From: decklin
2002-06-09 12:53 am (UTC)
Something I read in a dead-tree magazine the other day at work:

http://www.eweek.com/print_article/0,3668,a=24177,00.asp

I haven't tried any of this myself, but it sounds like IE might be totally borked here. :(
(Reply) (Thread)
[User Picture]From: brad
2002-06-09 01:01 am (UTC)
Wish it detailed how they differed.
(Reply) (Parent) (Thread)