[Owncloud] Basic vs Digest Authentication
Marc Leuser
marc.leuser at gmail.com
Sun Jun 9 20:22:44 UTC 2013
Hello people,

I'm fairly new to ownCloud and I've spent my Sunday testing and trying
to make it fit my needs. I've basically set it up to work the way I need
it to work. I can use WebDAV and the OC Sync client via https.

However, there is one thing that confuses me. Why is OC using basic
authentication when it's considered insecure? From what I've read it's
basically possible to use Wireshark (as an example) to catch the packets
and then just decode the username and corresponding password. Isn't that
a huge security leak? I've been browsing the SabreDAV manual for a
minute or two and read that it is even using digest by default. So why
is it that ownCloud doesn't use digest? It made me sceptical that I had
to allow unencrypted basic auth in Windows in order to use the native
WebDAV client.

I might be a little confused here, I surely am not an expert with
experience in state of the art software, but I'm not a total newb to
networking and security either (I suppose?)

I hope someone can enlighten me a bit, perhaps send me a link where I
can take some time and read about it?

Regards