From: Alex M. <al...@mi...> - 2006-03-13 14:25:59
|
Wolfgang Meier wrote: > Good work! I just have one concern: the main reason for storing the > passwords in the database as hex digest with realm was to ensure > WebDAV conformance. WebDAV requires support for digest authentication > (though web.xml does currently configure basic auth, but just because > some windows clients won't accept digest). As eXist does not keep the > clear-text password, I had to store the whole encoded realm:password > string. Could you check org.exist.http.servlets.DigestAuthenticator to > see if it still works or can be changed? One line would have to change to base64 encode the digest rather than hex. While this change isn't necessary, I really think using base64 to encode the digests (which are binary) is much more normal. In the end, you just need to have some consistent string encoding of the password digests. --Alex Milowski |