zope zserver support for Digest authentication
Paul Rubin
phr-n2002a at nightsong.com
Sat Jan 12 11:07:02 EST 2002
Michael Ströder <michael at stroeder.com> writes:
> > Does anyone know if zope zserver does support this, or does everyone
> > just deploy zope under Apache?
>
> The more interesting question might be which HTTP clients support
> Digest auth. and how secure a clear-text password DB is.
A lot of browsers still don't support digest auth, so it's unadvisable
for servers to depend on it. Digest auth was a worthwhile idea for
about 5 minutes, before there were free SSL servers and fast enough
computers to not get strained by SSL session negotiation. These days,
it's preferable to use HTTPS instead of HTTP if you need security.
More information about the Python-list
mailing list