Richard Lynch wrote:
"HTTP Basic Authorization" send login:password in clear text (only base64 encoded) so it can be 'eavesdropped'I could be *WAAAAAY* wrong, but I thought nobody ever bothered with Digest Auth because, errrr.
It's not better/safer than HTTP Auth?
in
"HTTP Digest Authorization" password is hashed md5(...) co can not be direct readed.
Digest is more secure than Basic and was developed as replacement of Basic
Yes SSL is solution, but when ISP does not support it ... ?
You might as well go with SSL if you go to that much trouble?
I have tested it with IE5.x, FireFox 1, Opera 7 and all works OKNot enough browsers support it?
Okay, so clearly I don't remember why I thought this.
Google for "PHP HTTP Digest Authentication" and see what turns up...
But don't be surprised if the answer is "Not supported"
-- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
