[Owncloud] Basic vs Digest Authentication

Marc Leuser marc.leuser at gmail.com
Sun Jun 9 20:22:44 UTC 2013


Hello people,

I'm fairly new to ownCloud and I've spent my Sunday testing and trying 
to make it fit my needs. I've basically set it up to work the way I need 
it to work. I can use WebDAV and the OC Sync client via https.

However, there is one thing that confuses me. Why is OC using basic 
authentication when it's considered insecure? From what I've read it's 
basically possible to use Wireshark (as an example) to catch the packets 
and then just decode the username and corresponding password. Isn't that 
a huge security leak? I've been browsing the SabreDAV manual for a 
minute or two and read that it is even using digest by default. So why 
is it that ownCloud doesn't use digest? It made me sceptical that I had 
to allow unencrypted basic auth in Windows in order to use the native 
WebDAV client.

I might be a little confused here, I surely am not an expert with 
experience in state of the art software, but I'm not a total newb to 
networking and security either (I suppose?)

I hope someone can enlighten me a bit, perhaps send me a link where I 
can take some time and read about it?

Regards


