[Ach] http Auth Basic vs. Digest

Pepi Zawodsky pepi.zawodsky at maclemon.at
Tue Nov 5 00:52:56 CET 2013

Is there anything to say against Digest auth in an https connection? Or anything pro Basic auth?

I personally thing that plaintext credentials do not belong anywhere even in an https connection.

What do you think about the risk of credentials at rest in .htpasswd vs. in motion in https?

Best regards
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 841 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.cert.at/pipermail/ach/attachments/20131105/b3c39ce0/attachment.sig>

More information about the Ach mailing list