rbb at techgame.net
Fri Mar 25 19:16:32 CET 2005
On Mar 25, 2005, at 10:10 AM, Avi Bryant wrote:
> On Fri, 25 Mar 2005 12:06:29 -0500, Daniel Salama <dsalama at user.net>
>> Now, what I'd like to be able to do is, instead of using the standard
>> WABasicAuthentication that opens up a browser login window, I'd like to
>> be able to redirect the user to a login form. WABasicAuthentication
>> sends information in clear text to the server and my login form is
>> running with SSL.
> Maybe there's something I'm missing, but: if the connection to the
> server is over SSL, why would the login form use that but not the
> basic auth? They're both just sending plaintext over HTTP. Are
> headers not encrypted with HTTPS?
You are not missing anything :-) If the connection between the browser
and the server is over https, then so is the basic auth. That has been
the standard technique for years to utilize basic auth in a secure
manner, since it sends that username/password for every connection.
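
Added example, not part of the original message and not Seaside code: a Python sketch of the server-side policy this reply implies, where Basic credentials are only ever challenged for and accepted over HTTPS. The names `parse_basic`, `handle` and `USERS`, the realm and the sample account are assumptions made for the illustration.

```python
import base64
import binascii
import hmac

# Constructed sample account; a real application would store a salted hash.
USERS = {"daniel": "s3cret:with:colons"}


def parse_basic(header):
    """Return (user, password) from an Authorization header value, or None."""
    scheme, _, token = header.partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None
    # Only the first colon separates user from password (RFC 7617).
    user, sep, password = decoded.partition(":")
    return (user, password) if sep else None


def handle(scheme, host, path, headers):
    """Return (status, response_headers) for one request.

    scheme is "http" or "https" as seen by the server.
    """
    if scheme != "https":
        # Never challenge over cleartext HTTP: the browser would answer with
        # base64-encoded (not encrypted) credentials on every later request.
        return 301, {"Location": f"https://{host}{path}"}
    creds = parse_basic(headers.get("Authorization", ""))
    if creds is not None:
        user, password = creds
        expected = USERS.get(user)
        # Constant-time comparison of the submitted and stored password.
        if expected is not None and hmac.compare_digest(
            password.encode(), expected.encode()
        ):
            return 200, {}
    # Missing, malformed or wrong credentials: ask again, over TLS only.
    return 401, {"WWW-Authenticate": 'Basic realm="app", charset="UTF-8"'}
```

Because the header is resent on every request, the redirect branch has to cover every path under the protected realm, not just the first page.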