Jean-Marc Desperrier wrote: >> - it matches poorly with web sessions including logout >> - the GUI look like c--p >> - it offers no branding capability > > I think the problem is almost exactly the same as the one that has > caused form/cookie based authentication to replace "Basic Authentication".
Not really. HTTP basic authc is security-wise worse than form-based authc with session handling because the user's credential goes over the wire in clear with each HTTP request and the browser caches it for the whole time it is running. Ciao, Michael. _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
