cURL / Mailing Lists / curl-library / Single Mail

curl-library

Re: victory!

From: Daniel Stenberg <daniel_at_haxx.se>
Date: Fri, 13 Jun 2003 09:42:55 +0200 (CEST)

On Fri, 13 Jun 2003, Cris Bailiff wrote:

> The order seems about right. You can probably only save a round-trip for
> Basic, and possibly NTLM, using this method (correct my if I'm wrong).

Yes, Basic and NTLM will gain one round-trip, while Digest and GSS-Negotiate
both will work the same.

> I'd say the 'ANY' flag should at least disable the sending of Basic in the
> initial request

Yes, it should. It wouldn't send any Authorization: header at all in the
first request, expecting a 401-reply telling it which methods it has to
select from.

We could possibly introduce an ANY_SAFE option as well, that doesn't allow
Basic to be attempted as that sends the credentials in plaintext...

-- 
 Daniel Stenberg -- curl: been grokking URLs since 1998
-------------------------------------------------------
This SF.NET email is sponsored by: eBay
Great deals on office technology -- on eBay now! Click here:
http://adfarm.mediaplex.com/ad/ck/711-11697-6916-5

Received on 2003-06-13

This message: [ Message body ]
Next message: Cris Bailiff: "Re: NTLM Test server details"
Previous message: Cris Bailiff: "Re: victory!"
In reply to: Cris Bailiff: "Re: victory!"
Next in thread: Dan Fandrich: "Re: victory!"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]