[Owncloud] Basic vs Digest Authentication
Markus Goetz
markus at woboq.com
Mon Jun 10 06:59:14 UTC 2013
On 09.06.13 23:31, Bernhard Posselt wrote:
> Actually every login page should use SSL so I think it doesnt matter.
> Either you use SSL and youre secure or youre not.
>
>
Yes, please use SSL.
The reason 'basic' (instead of 'digest') is used is that you'd want to
give your authentication/user backend an unencrypted password since it
might have its own way of using the password to verify it.
Maybe ownCloud could give a big fat warning if the login screen is
acessed without SSL (although if SSL is terminated before the web server
somewhere, then it might not know about it)
More information about the Owncloud
mailing list