James M Snell wrote:
You would be hard pressed to find a *single* web service today
that supports both Basic and Digest at the same time. I know
the spec says that it's possible, the reality is that it just isn't
done.
To be absolutely honest, at the moment I can't recall a single service
that has used digest authentication successfully.
LiveJournal uses digest authentication for private feeds. And Apache has a
digest implementation which worked for me. Also when I was doing proxy
testing, the first product I tried (can't remember the name) supported both
Basic and Digest at the same time. When you say the digest authentication
isn't used successfully do you mean it fails outright or there's some flaw
in their implementation that is a security risk? Just curious because they
all seemed to work ok for me.
Regards
James
