curl-library
Re: victory!
From: Daniel Stenberg <daniel_at_haxx.se>
Date: Fri, 13 Jun 2003 09:42:55 +0200 (CEST)
Date: Fri, 13 Jun 2003 09:42:55 +0200 (CEST)
On Fri, 13 Jun 2003, Cris Bailiff wrote:
> The order seems about right. You can probably only save a round-trip for
> Basic, and possibly NTLM, using this method (correct my if I'm wrong).
Yes, Basic and NTLM will gain one round-trip, while Digest and GSS-Negotiate
both will work the same.
> I'd say the 'ANY' flag should at least disable the sending of Basic in the
> initial request
Yes, it should. It wouldn't send any Authorization: header at all in the
first request, expecting a 401-reply telling it which methods it has to
select from.
We could possibly introduce an ANY_SAFE option as well, that doesn't allow
Basic to be attempted as that sends the credentials in plaintext...
-- Daniel Stenberg -- curl: been grokking URLs since 1998 ------------------------------------------------------- This SF.NET email is sponsored by: eBay Great deals on office technology -- on eBay now! Click here: http://adfarm.mediaplex.com/ad/ck/711-11697-6916-5Received on 2003-06-13