Talk:HTTPS/Authenticated: Difference between revisions
→What's it all about?: Break it up?
(→What's it all about?: Break it up?) |
|||
Line 3:
: It looks like it's using standard HTTP authentication over an SSL tunnel. HTTP natively supports auth without cookies or login forms. It's not widely used. --[[User:Short Circuit|Short Circuit]] 22:13, 8 May 2009 (UTC)
:: If only it was not widely used. Our intranet is infested with it. Still, it's about the best we can do without webscraping (can't count on all login forms to work the same way...) Bad challenge really. Or we could adjust the overall challenge to request demonstrating both this way and also via having the client present a certificate that the server understands (which means wrestling with the nastiness that is SSL configuration). —[[User:Dkf|Dkf]] 21:16, 9 May 2009 (UTC)
::: Then, really, the challenge should be broken into four distinct parts. HTTP connection, HTTPS connection, HTTP auth and cert auth as an SSL client. --[[User:Short Circuit|Short Circuit]] 03:23, 10 May 2009 (UTC)
| |||