Factbites
 Where results make sense

Topic: Digest access authentication


  
 [No title]
Digest Access Authentication Scheme. 2.1 Specification of Digest Headers. The Digest Access Authentication scheme is conceptually similar to the Basic scheme.
Likewise, the other strings digested by H() must not have white space on either side of the colons which delimit their fields unless that white space was in the quoted strings or entity body being digested.
The authenticating server must assure that the document designated by the "uri" parameter is the same as the document served.
www.w3.org /Protocols/rfc2069/rfc2069   (4818 words)

  
 RFC 2617 - HTTP Authentication: Basic and Digest Access Authentication
(RFC 2617, HTTP Authentication, Standards Track, June 1999) Like Basic, Digest access authentication verifies that both parties to a communication know a shared secret (a password); unlike Basic, this verification can be done without sending the password in the clear, which is Basic's biggest weakness.
Authorization: Digest username="Mufasa", realm="testrealm@host.com", nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093", uri="/dir/index.html", qop=auth, nc=00000001, cnonce="0a4f113b", response="6629fae49393a05397450978507c4ef1", opaque="5ccc069c403ebaf9f0171e9517f40e41"
3.6 Proxy-Authentication and Proxy-Authorization. The digest authentication scheme may also be used for authenticating users to proxies, proxies to proxies, or proxies to origin servers by use of the Proxy-Authenticate and Proxy-Authorization headers.
4.8 Man in the Middle. Both Basic and Digest authentication are vulnerable to "man in the middle" (MITM) attacks, for example, from a hostile or compromised proxy.
www.packetizer.com /rfc/rfc.cgi?num=2617   (8421 words)

  
 Digest access authentication - Wikipedia, the free encyclopedia
Digest access authentication is one of the agreed methods a web page can use to negotiate credentials with a web user (using the HTTP protocol).
This method builds upon (and obsoletes) the basic authentication scheme, allowing user identity to be established without having to send a password in plaintext over the network.
Digest access authentication was originally specified by RFC 2069 (An Extension to HTTP: Digest Access Authentication), which was later replaced by RFC 2617 (HTTP Authentication: Basic and Digest Access Authentication).
en.wikipedia.org /wiki/Digest_access_authentication   (1158 words)

  
 RFC 2069 - An Extension to HTTP : Digest Access Authentication
Digest Access Authentication Scheme. 2.1 Specification of Digest Headers. The Digest Access Authentication scheme is conceptually similar to the Basic scheme.
(RFC 2069, Digest Access Authentication, Standards Track, January 1997) For applications where no possibility of replay attack can be tolerated the server can use one-time response digests which will not be honored for a second use.
A second consequence of this is that the realm string should be unique among all realms which any single user is likely to use.
www.packetizer.com /rfc/rfc.cgi?num=2069   (4861 words)

  
 HTTP Authentication: Basic and Digest Access Authentication
The 407 (Proxy Authentication Required) response message is used by a proxy to challenge the authorization of a client and MUST include a Proxy-Authenticate header field containing at least one challenge applicable to the proxy for the requested resource.
The digest authentication scheme may also be used for authenticating users to proxies, proxies to proxies, or proxies to origin servers by use of the Proxy-Authenticate and Proxy-Authorization headers.
Digest authentication requires that the authenticating agent (usually the server) store some data derived from the user's name and password in a "password file" associated with a given realm.
xml.resource.org /public/rfc/html/rfc2617.html   (8636 words)

  
 An Extension to HTTP : Digest Access Authentication
The digest authentication scheme may also be used for authenticating users to proxies, proxies to proxies, or proxies to end servers by use of the Proxy-Authenticate and Proxy-Authorization headers.
Both Basic and Digest authentication are vulnerable to "man in the middle" attacks, for example, from a hostile or compromised proxy.
Digest authentication requires that the authenticating agent (usually the server) store some data derived from the user's name and password in a "password file" associated with a given realm.
www.cs.wisc.edu /~cao/digest-rfc2069.html   (4876 words)

  
 Learn how digest access authentication works
Digest access authentication is a more effective alternative to basic access authentication, an unencrypted method.
While it is intended to replace the less secure basic access authentication, it is not suited to replace a more secure approach such as Kerberos or Public key protocol.
Digest access authentication cannot be applied if the password authentication repository does not support the function of looking up plaintext passwords.
glossary.spamlaws.com /definition/d/digest-access-authentication.html   (169 words)

  
 RFC 2069 (rfc2069) - An Extension to HTTP : Digest Access Authentication
It is also recommended that the optional be implemented for use with POST or PUT requests to assure the integrity of the posted data.
More subtly, the attacker can alter any of the entity-headers not incorporated in the computation of the digest. The attacker can alter most of the request headers in the client's request, and can alter any response header in the origin-server's reply, except those headers whose values are incorporated into the "digest" field.
If a user can be led to believe that she is connecting to a host containing information protected by a password she knows, when in fact she is connecting to a hostile server, then the hostile server can request a password, store it away for later use, and feign an error.
www.faqs.org /rfcs/rfc2069.html   (4637 words)

  
 index
Digest Authentication is required so that a WebDAV server can prevent an unauthorized user from modifying content on the server as well as providing a mechanism for authenticating users who make requests for resource locks (e.g., exclusive write locks).
Digest Authentication does not require a clear-text password to be transferred over the network unlike Basic Access Authentication [4].
Digest Authentication uses the same challenge-response paradigm as Basic, where the server challenges the client to authenticate itself, and the client responds with its authentication.
www.cs.columbia.edu /~hgs/teaching/ais/1998/projects/WebDAV/report.html   (3326 words)

  
 [No title]
(INTERNET-DRAFT, HTTP Authentication, Friday 13 March 1998) Like Basic, Digest access authentication verifies that both parties to a communication know a shared secret (a password); unlike Basic, this verification can be done without sending the password in the clear, which is Basic's biggest weakness.
The 407 (Proxy Authentication Required) response message is used by a proxy to challenge the authorization of a client and MUST include a Proxy-Authenticate header field containing a challenge applicable to the proxy for the requested resource.
Nevertheless many functions remain for which Digest authentication is both useful and appropriate (any service in present use that uses Basic should be switched to Digest as soon as practical).
bgp.potaroo.net /ietf/all-ids/draft-ietf-http-authentication-01.txt   (7787 words)

  
 Authentication, Authorization, and Access Control
Access can be granted or denied based on a wide variety of criteria, such as the network address of the client, the time of day, the phase of the moon, or the browser which the visitor is using.
Access control is analogous to locking the gate at closing time, or only letting people onto the ride who are more than 48 inches tall - it's controlling entrance by some arbitrary condition which may or may not have anything to do with the attributes of the particular visitor.
And so every time a document is accessed which is secured with basic or digest authentication, Apache has to open up those text password files and look through them one line at a time, until it finds the user that is trying to log in, and verifies their password.
httpd.apache.org /docs/howto/auth.html   (5326 words)

  
 [No title]
The 407 (Proxy Authentication Required) response message is used by a proxy to challenge the authorization of a client and MUST include a Proxy-Authenticate header field containing at least one challenge applicable to the proxy for the requested resource.
The authentication parameter realm is defined for all authentication schemes: realm = "realm" "=" realm-value; realm-value = quoted-string (Franks, et al.)
Authorization: Digest username="Mufasa", realm="testrealm@host.com", nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093", uri="/dir/index.html", qop=auth, nc=00000001, cnonce="0a4f113b", response="6629fae49393a05397450978507c4ef1", opaque="5ccc069c403ebaf9f0171e9517f40e41"
3.6 Proxy-Authentication and Proxy-Authorization. The digest authentication scheme may also be used for authenticating users to proxies, proxies to proxies, or proxies to origin servers by use of the Proxy-Authenticate and Proxy-Authorization headers.
www.ietf.org /rfc/rfc2617.txt   (8494 words)

  
 SOAP Extensions: Basic and Digest Authentication
The Digest mechanism is a challenge/response protocol in which the client presents its credentials in response to a challenge from the server, which consists of an opaque data string called a "nonce".
The same technique is used in the mutual authentication scenario, where the server authenticates itself to the client by presenting a digest as credentials in response to a challenge from the client.
In this case also the challenge consists of a client-produced nonce to be used as input to the digest function, allowing the client to influence the digest value in a way not controlled by the server.
www.whitemesa.com /soapauth.html   (3818 words)

  
 HTTP Authentication: Basic and Digest Access Authentication
The digest authentication scheme may also be used for authenticating users to proxies, proxies to proxies, or proxies to origin servers by use of the Proxy-Authenticate and Proxy-Authorization headers.
The Basic authentication scheme is not a secure method of user authentication, nor does it in any way protect the entity, which is transmitted in cleartext across the physical network used as the carrier.
Digest authentication requires that the authenticating agent (usually the server) store some data derived from the user's name and password in a "password file" associated with a given realm.
www.greenbytes.de /tech/webdav/rfc2617.html   (8327 words)

  
 Definition of Digest access authentication
Digest access authentication is one of the agreed methods a web page can use to negotiate credentials with a web user (using the HTTP protocol).
This method builds upon (and obsoletes) the basic authentication scheme, allowing user identity to be established without having to send a password in plaintext over the network.
Digest access authentication was originally specified by RFC 2069, which was later replaced by RFC 2617.
www.wordiq.com /definition/Digest_access_authentication   (174 words)

  
 RFC 2617
The "MD5-sess" algorithm is intended to allow efficient 3rd party authentication servers; for the difference in usage, see the description in section 3.2.2.2.
As shown in the example nonce in section 3.2.1, the server is free to construct the nonce such that it may only be used from a particular client, for a particular resource, for a limited period of time or number of uses, or any other restrictions.
authentication, then uses the cleartext credentials from the Basic authentication to authenticate to the origin server using the stronger scheme it requested.
www.apps.ietf.org /rfc/rfc2617.html   (8225 words)

Copyright © 2005-2007 www.factbites.com Usage implies agreement with terms.