Proposal for "Auth_HTTP_Digest"

» Metadata » Status
  • Category: Authentication
  • Proposer: Rui Hirokawa 
  • License:
» Description
The PEAR::Auth_HTTP_Digest class provides methods for creating an HTTP Digest authentication system based on RFC 2617.
HTTP Basic authentication is not secure because the client's password is transmitted as plain text.
HTTP Digest authentication is more secure than Basic authentication because the password is transmitted only as an MD5 hash value computed over several parameters.
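The parameters that go into that hash, and the server-side check built on them, shown as an added example. This is not code from the proposed package: the function names are assumptions, and the header and password are the sample values published in RFC 2617, section 3.5.

```python
import hashlib
import hmac
import re

# Example request header and credentials published in RFC 2617, section 3.5.
RFC_HEADER = ('Digest username="Mufasa", realm="testrealm@host.com", '
              'nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093", uri="/dir/index.html", '
              'qop=auth, nc=00000001, cnonce="0a4f113b", '
              'response="6629fae49393a05397450978507c4ef1", '
              'opaque="5ccc069c403ebaf9f0171e9517f40e41"')
PASSWORDS = {"Mufasa": "Circle Of Life"}  # stand-in for the credential store

def md5_hex(text):
    return hashlib.md5(text.encode("utf-8")).hexdigest()

def parse_authorization(header):
    """Return (scheme, params) for an Authorization header value."""
    scheme, _, rest = header.strip().partition(" ")
    pairs = re.findall(r'(\w+)=(?:"([^"]*)"|([^,\s]+))', rest)
    return scheme.lower(), {k: quoted or bare for k, quoted, bare in pairs}

def expected_response(p, password, method):
    """Recompute the digest the client should have sent (RFC 2617, 3.2.2)."""
    ha1 = md5_hex(f'{p["username"]}:{p["realm"]}:{password}')
    ha2 = md5_hex(f'{method}:{p["uri"]}')
    if p.get("qop") == "auth":
        return md5_hex(f'{ha1}:{p["nonce"]}:{p["nc"]}:{p["cnonce"]}:auth:{ha2}')
    return md5_hex(f'{ha1}:{p["nonce"]}:{ha2}')  # no qop: RFC 2069 form

def verify(header, method, passwords=PASSWORDS):
    """True only for a valid Digest response; Basic is refused outright."""
    scheme, p = parse_authorization(header)
    if scheme != "digest":
        return False  # digest-only policy: never accept a cleartext password
    if p.get("qop") not in (None, "auth"):
        return False  # auth-int is not handled in this example
    required = {"username", "realm", "nonce", "uri", "response"}
    if p.get("qop") == "auth":
        required |= {"nc", "cnonce"}
    if not required <= p.keys() or p["username"] not in passwords:
        return False
    want = expected_response(p, passwords[p["username"]], method)
    return hmac.compare_digest(want.encode(), p["response"].lower().encode())

if __name__ == "__main__":
    print(verify(RFC_HEADER, "GET"))            # RFC sample request
    print(verify("Basic TXVmYXNhOng=", "GET"))  # constructed Basic header
```

A real server also has to confirm that the nonce is one it issued and that `nc` has not been seen before for that nonce; those checks are left out here.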
» Dependencies » Links
  • Auth
  • Auth_HTTP
» Timeline
  • First Draft: 2004-02-17
  • Proposal: 2004-02-18
  • Call for Votes: 2004-02-27
  • Voting Extended: 2004-03-06
» Changelog
  • Rui Hirokawa
    [2004-02-21 12:22 UTC]

    - fixed SQL injection bug.
    - added forceDigestOnly flag to prevent the use of Basic authentication.
    - added TODO file.
    (in response to the comment by Paul.)
    - fixed packaging problem.
  • Rui Hirokawa
    [2004-02-22 01:26 UTC]

    - fixed DB method referencing error.
    - 'WWW-Authenticate: Basic' should not be sent if forceDigestOnly is true.
    - added README including confirmed browser list.