Mark Thomas wrote:
On 24/12/2009 02:18, Christopher Schultz wrote:
On 12/23/2009 2:13 PM, Mark Thomas wrote:
digest is (almost) completely orthogonal to DIGEST authentication.
digest controls whether or not the password stored on the server is held
in plain text or in digest form. It is (almost
On 24/12/2009 02:18, Christopher Schultz wrote:
> On 12/23/2009 2:13 PM, Mark Thomas wrote:
>> digest is (almost) completely orthogonal to DIGEST authentication.
>
>> digest controls whether or not the password stored on the server is held
>> in plain text or in digest form. It is (almost) indepen
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Mark,
On 12/23/2009 2:13 PM, Mark Thomas wrote:
> On 23/12/2009 16:49, Christopher Schultz wrote:
>> The servlet specification actually makes DIGEST authentication optional
>> for spec0compliant containers, which is interesting. There is also no
>> (s
On 23/12/2009 16:49, Christopher Schultz wrote:
> The servlet specification actually makes DIGEST authentication optional
> for spec0compliant containers, which is interesting. There is also no
> (standard) way to configure the algorithm for DIGEST authentication.
> Tomcat allows you to do it using
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 12/21/2009 7:34 AM, André Warnier wrote:
> insi wrote:
>> Hi,
>>
>> My tomcat server is sending www-authenticate (digest) header but the
>> header
>> doesn't contain the algorithm field, which one is choosen by default?
> MD5
>> How do I specify i
insi wrote:
Hi,
My tomcat server is sending www-authenticate (digest) header but the header
doesn't contain the algorithm field, which one is choosen by default?
MD5
How do I specify it to use particular algorithm (sha1/md5)?
In short, you can't.
See HTTP 2616 and 2617.
Theoretically, you co
