[Owncloud] Webdav Basic Authentication

André Schild a.schild at aarboard.ch
Thu Sep 12 08:27:08 UTC 2013


> Dear Group,
> 
> I am not a webdav expert but I read on a microsoft website, that microsoft
> disabled Basic Authentication for windows due to security reasons of the
> Basic Authentication standard. I also read "The most serious flaw in Basic
> authentication is that it results in the essentially cleartext transmission of the
> user's password over the physical network." on this website:
> http://www.webdav.org/specs/rfc2617.html#rfc.section.4.1
> 
> If I get this right, it is not a good idea that owncloud only uses this type of
> Authentication standard?
[Andre Schild] 

This is no problem as long as you use https,
then then password is safe.

If you don't use https, then anyway you security is compromised,
it does then not matter if your send the password in cleartext
or some other half-secure way

André



More information about the Owncloud mailing list