by groby_b
4201 days ago
Mostly agree with you, but minor nit: The server doesn't need to know anything reversible about the password. A message digest is enough.

And your final paragraph is the reason I posted my original comment in the first place. Don't design an auth/security protocol when you design a mail protocol. Delegate to OAuth, move on.

(Then again... debate rages there, too[1]. Auth is not fun(tm))

[1] http://hueniverse.com/2012/07/26/oauth-2-0-and-the-road-to-h...