Eric Wittmann created OVERLORD-133:
--------------------------------------
Summary: Explore DIGEST authentication support in favor of BASIC
Key: OVERLORD-133
URL: https://issues.jboss.org/browse/OVERLORD-133
Project: Overlord
Issue Type: Enhancement
Security Level: Public (Everyone can see)
Reporter: Eric Wittmann
Assignee: Eric Wittmann
We currently use BASIC authentication in several places (e.g. in DTGov for the s-ramp
query executor and when a workflow calls out to REST services). BASIC is vulnerable so we
should explore supporting DIGEST authentication on both the server and client.
The challenge (for an unauthenticated client call) should be DIGEST but the protection
should allow all auth mechanisms (BASIC, Bearer Token, DIGEST).
--
This message was sent by Atlassian JIRA
(v6.2.6#6264)
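
The behaviour requested in the issue, as an added Python example (not from the issue or Overlord's code): an unauthenticated or failed request is challenged with Digest only, while Basic, Bearer and Digest credentials are all accepted. The realm, user, token and nonce are constructed values; a real server would also issue random nonces and track `nc` to reject replays.

```python
import base64
import hashlib
import hmac
import re

# Constructed sample values (assumptions, not from the issue).
REALM = "example-realm"
USERS = {"alice": "s3cret"}
TOKENS = {"tok-123": "alice"}

def _md5(text):
    return hashlib.md5(text.encode()).hexdigest()

def digest_response(user, password, method, uri, nonce, nc, cnonce):
    """RFC 2617 response value for qop=auth (MD5; RFC 7616 adds SHA-256)."""
    ha1 = _md5(f"{user}:{REALM}:{password}")
    ha2 = _md5(f"{method}:{uri}")
    return _md5(f"{ha1}:{nonce}:{nc}:{cnonce}:auth:{ha2}")

def _basic(cred, *_):
    try:
        user, _sep, pw = base64.b64decode(cred, validate=True).decode().partition(":")
    except ValueError:  # malformed base64 or non-UTF-8 bytes
        return None
    known = USERS.get(user)
    ok = known is not None and hmac.compare_digest(pw.encode(), known.encode())
    return user if ok else None

def _bearer(cred, *_):
    return TOKENS.get(cred)

def _digest(cred, method, uri, nonce):
    # Parse key="quoted" and key=token parameters from the Authorization value.
    p = {k: q or b for k, q, b in re.findall(r'(\w+)=(?:"([^"]*)"|([^,\s]+))', cred)}
    known = USERS.get(p.get("username"))
    if known is None or p.get("nonce") != nonce or p.get("uri") != uri or p.get("qop") != "auth":
        return None
    want = digest_response(p["username"], known, method, uri, nonce, p.get("nc", ""), p.get("cnonce", ""))
    return p["username"] if hmac.compare_digest(want.encode(), p.get("response", "").encode()) else None

SCHEMES = {"basic": _basic, "bearer": _bearer, "digest": _digest}

def authenticate(method, uri, authorization, nonce):
    """Return (200, user); on missing or bad credentials, (401, Digest-only challenge)."""
    scheme, _, cred = (authorization or "").partition(" ")
    check = SCHEMES.get(scheme.lower())
    user = check(cred.strip(), method, uri, nonce) if check else None
    if user:
        return 200, user
    return 401, {"WWW-Authenticate": f'Digest realm="{REALM}", qop="auth", nonce="{nonce}"'}
```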