Il dom, 2002-06-30 alle 13:02, dariondol ha scritto:
> Dici a parte il fatto che passa tutto in chiaro ?????? :))
Se intendi l'autentificazione dei client
è un problema di HTTP/1.1 più che di webDAV
Dal RFC 2518
A password sent in the clear over an insecure channel is an inadequate
means for protecting the accessibility and integrity of a resource as
the password may be intercepted. Since Basic authentication for HTTP/1.1
performs essentially clear text transmission of a password, Basic
authentication MUST NOT be used to authenticate a WebDAV client to a
server unless the connection is secure. Furthermore, a WebDAV server
MUST NOT send Basic
authentication credentials in a WWW-Authenticate header unless the
connection is secure.
Andy
|