Etienne,

On 1/28/2011 7:55 AM, Ing. Etienne V. Depasquale wrote:
> The real problem lies in the fact that Tomcat does not specify any digest
> algorithm in the www-authenticate header of HTTP/1.1, which leads the
> browser to digest the password using MD5, regardless of the value of the
> digest attribute in the <Realm> tag.

You should definitely log a bug in bugzilla for that: Tomcat should be
sending the digest algorithm to the client for DIGEST authentication.

Be sure you use a protocol analyzer to ensure that the WWW-Authenticate
header doesn't contain the digest. Otherwise, you'll waste your time
filing the bug only to have it marked as INVALID.

Also, always test with the most recent version in your version line (you
didn't say which you were using). Current versions are Tomcat 7.0.6,
6.0.30, and 5.5.31:

http://tomcat.apache.org/whichversion.html

-chris
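
The header check suggested above, as an added example that is not part of the original message or of Tomcat: a small Python parser that takes a WWW-Authenticate header value copied from a protocol analyzer and reports whether the Digest challenge carries an `algorithm` directive. The sample header values are constructed and the function names are this example's own; per RFC 2617 section 3.2.1, a client treats a missing `algorithm` as MD5.

```python
import re

# One auth-param: name = token | quoted-string, followed by a comma or end of input.
_PARAM = re.compile(
    r'\s*([A-Za-z0-9_.-]+)\s*=\s*(?:"((?:[^"\\]|\\.)*)"|([^\s,"]+))\s*(?:,|$)'
)

def parse_digest_challenge(header_value):
    """Return the Digest challenge parameters as a dict (lower-cased names),
    or None when the header value is not a Digest challenge."""
    scheme, _, rest = header_value.strip().partition(" ")
    if scheme.lower() != "digest":
        return None
    params, pos = {}, 0
    while pos < len(rest):
        m = _PARAM.match(rest, pos)
        if m is None:
            raise ValueError("malformed challenge near: %r" % rest[pos:pos + 20])
        name, quoted, token = m.groups()
        # Quoted strings may contain commas and backslash-escaped characters.
        value = re.sub(r"\\(.)", r"\1", quoted) if quoted is not None else token
        params[name.lower()] = value
        pos = m.end()
    return params

def check_challenge(header_value):
    """Summarise which digest algorithm a client will use for this challenge."""
    params = parse_digest_challenge(header_value)
    if params is None:
        return {"digest": False}
    advertised = params.get("algorithm")
    return {
        "digest": True,
        "advertised": advertised,
        # RFC 2617 3.2.1: an absent algorithm directive is assumed to be MD5.
        "effective": advertised or "MD5",
        "qop": [q.strip() for q in params.get("qop", "").split(",") if q.strip()],
    }

# Constructed sample header values, not captured from a real Tomcat server.
SAMPLES = {
    "no_algorithm": 'Digest realm="Example Realm", qop="auth,auth-int", nonce="c0ffee", opaque="5ccc"',
    "with_algorithm": 'Digest realm="Example Realm", qop="auth", algorithm=MD5-sess, nonce="c0ffee"',
    "basic": 'Basic realm="Example Realm"',
}

if __name__ == "__main__":
    for name, value in SAMPLES.items():
        print(name, check_challenge(value))
```

An `advertised` value of `None` on a Digest challenge is the condition worth recording in the bug report, alongside the raw header line from the capture.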