Y
Hacker News
new
|
ask
|
show
|
jobs
by
comradesmith
3077 days ago
HTTP Basic authentication should never be used, it is very vulnerable to traffic analysis attacks. HTTP Digest authentication however, would be a perfectly fine solution.
1 comments
dozzie
3077 days ago
How so? Over SSL? (Note that you should never call anything requiring authentication/authorization over plain HTTP.)
link
comradesmith
3077 days ago
A quick Google suggests you're right, as in either case you must run SSL/TLS.
Appypolylogies.
link