[wildfly-dev] Push for CORS in WildFly 8
Heiko Braun
hbraun at redhat.com
Wed Dec 11 05:53:49 EST 2013
yes, but this is not true for digest auth. there are actually very few client environments that fully support digest out of the box.
so i would say, this argument doesn't count as digest is not any less complicated to use then any other more sophisticated auth mechanism.
I agree to the TLS argument: for most other auth mechanisms i looked at it seems to be requirement indeed.
But can you elaborate why we cannot ship certificates (out of the box) that need to be replaced in production environments?
this would give us TLS and push the need to custom certificate creation beyond the out-of-the-box scenario.
On 10 Dec 2013, at 19:00, Darran Lofthouse <darran.lofthouse at jboss.com> wrote:
> The next issue is that by using standard HTTP authentication mechanisms standard APIs can be used in many programming languages to actually call the management interface without needing to know about alternative authentication schemes.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/wildfly-dev/attachments/20131211/3e89eb84/attachment.html
More information about the wildfly-dev
mailing list