> The NTLM over HTTP is fundamentally broken in its design and should
> never have seen the light. A classical "do it our way without regard
> to standards" invention by Microsoft.

Yes, NTLM is horribly broken - just like almost everything developed by Microsoft. The only reason I recommend it is because of the single sign-on capability it offers, which both Basic and Digest do not offer.

> The exact same thing (automatic single sign-on, without risking the
> user's private password) is fully possible to do with Digest MD5-sess
> authentication, and I wish browser and OS vendors would see the light
> and do so.

You're right - the integration shouldn't be too difficult either. There would have to be some standard for the realm string (the DNS domain name would be a good pick), and the OS would have to store MD5(username:realm:password) in its password database. It's just an issue of getting the vendors to support it - the OS vendors would have to support it first. AFAIK, even Linux doesn't support it.

What about wrapping Basic auth in SSL?

Adam

---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.237 / Virus Database: 115 - Release Date: 3/7/2001
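The MD5-sess single sign-on idea discussed in the message above, worked through as an added example (this is not code from the thread or from any vendor). It follows the RFC 2617 Digest computation with algorithm=MD5-sess: the OS keeps only HA1 = MD5(username:realm:password) per realm, and a challenge for that realm is answered from HA1 alone, so the password is never needed after enrollment. The class names OsCredentialStore and DigestServer, the realm "example.org", the user, the password and the nonce values are all constructed for illustration; hashlib and hmac are standard library.

```python
"""RFC 2617 Digest (algorithm=MD5-sess) single sign-on sketch.

Added example, not code from the original thread. An OS credential store
holding only MD5(username:realm:password) (RFC 2617 HA1) answers Digest
challenges for that realm without ever seeing the password again.
Names (OsCredentialStore, DigestServer) and all sample values are constructed.
"""
import hashlib
import hmac


def md5hex(data: str) -> str:
    """Lowercase hex MD5, as RFC 2617 specifies for Digest (weak hash, kept for fidelity)."""
    return hashlib.md5(data.encode("utf-8")).hexdigest()


def stored_ha1(username: str, realm: str, password: str) -> str:
    """HA1 = MD5(username:realm:password): the only secret the OS would need to keep."""
    return md5hex(f"{username}:{realm}:{password}")


def digest_response(ha1: str, method: str, uri: str, nonce: str,
                    nc: str, cnonce: str, qop: str = "auth") -> str:
    """RFC 2617 MD5-sess response computed from HA1 alone.

    MD5-sess derives a per-session key from HA1 plus the server and client
    nonces, so neither side ever needs the password itself.
    """
    sess_ha1 = md5hex(f"{ha1}:{nonce}:{cnonce}")
    ha2 = md5hex(f"{method}:{uri}")  # qop=auth: HA2 covers method and URI only
    return md5hex(f"{sess_ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")


class OsCredentialStore:
    """Hypothetical OS password database keyed by (username, realm)."""

    def __init__(self) -> None:
        self._ha1: dict[tuple[str, str], str] = {}

    def enroll(self, username: str, realm: str, password: str) -> None:
        # The password is hashed at enrollment and then discarded.
        self._ha1[(username, realm)] = stored_ha1(username, realm, password)

    def answer_challenge(self, username: str, realm: str, method: str, uri: str,
                         nonce: str, nc: str, cnonce: str):
        """Return the Authorization response, or None if no SSO credential matches the realm."""
        ha1 = self._ha1.get((username, realm))
        if ha1 is None:
            return None  # unknown realm: the browser should prompt rather than guess
        return digest_response(ha1, method, uri, nonce, nc, cnonce)


class DigestServer:
    """Minimal verifier: also stores only HA1 per user, never passwords."""

    def __init__(self, realm: str) -> None:
        self.realm = realm
        self._ha1: dict[str, str] = {}

    def add_user(self, username: str, password: str) -> None:
        self._ha1[username] = stored_ha1(username, self.realm, password)

    def verify(self, username: str, method: str, uri: str, nonce: str,
               nc: str, cnonce: str, response: str) -> bool:
        ha1 = self._ha1.get(username)
        if ha1 is None:
            return False
        expected = digest_response(ha1, method, uri, nonce, nc, cnonce)
        return hmac.compare_digest(expected, response)


def sso_roundtrip(realm_offered: str = "example.org") -> bool:
    """Constructed exchange: enroll once, then answer a challenge naming `realm_offered`."""
    store = OsCredentialStore()
    store.enroll("alice", "example.org", "correct horse")
    server = DigestServer("example.org")
    server.add_user("alice", "correct horse")
    nonce, nc, cnonce = "dcd98b7102dd2f0e8b11d0f600bfb0c093", "00000001", "0a4f113b"
    response = store.answer_challenge("alice", realm_offered, "GET", "/dir/index.html",
                                      nonce, nc, cnonce)
    if response is None:
        return False
    return server.verify("alice", "GET", "/dir/index.html", nonce, nc, cnonce, response)


if __name__ == "__main__":
    print("SSO to enrolled realm:", sso_roundtrip())               # True
    print("SSO to unrelated realm:", sso_roundtrip("other.test"))  # False: nothing stored for it
```

The realm lookup is where the message's call for a standard realm string matters: the stored HA1 is only useful to a server that presents exactly that realm, so tying the realm to the DNS domain name keeps one site's credential from being offered to another. MD5 is used here only because RFC 2617 specifies it for Digest; a server that receives the response can still attack it offline, which is one reason the thread also raises Basic over SSL.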
