On Jan 8, 2014, at 2:00 PM, Aleksandar Kostadinov <akostadi(a)redhat.com> wrote:
I'm not sure what other auth mechanism you are talking about. There
might be something new and very elaborated.
Just a SHA based digest vs an MD5 one
But the problem with non-encrypted connections is that any hash could be
used without the need to recover the plain text password. With cookies,
one can sniff and use them.
That’s not true. Digest is a challenge response protocol that uses a nonce as part of the
sent hash. A packet sniffed hash can’t be replayed.
--
Jason T. Greene
WildFly Lead / JBoss EAP Platform Architect
JBoss, a division of Red Hat
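
The nonce binding discussed in this exchange, as an added example that is not part of the original messages or of any WildFly code. It uses the HTTP Digest response formula without qop, with either MD5 or SHA-256 as the hash. Assumptions: the toy `DigestServer` issues a fresh nonce per challenge and accepts each nonce once, and the realm, user and password are constructed sample values.

```python
import hashlib
import secrets

def h(data: str, algorithm: str = "md5") -> str:
    """Hex digest of data under the chosen hash ("md5" or "sha256")."""
    return hashlib.new(algorithm, data.encode()).hexdigest()

def digest_response(user, realm, password, method, uri, nonce, algorithm="md5"):
    """response = H( H(user:realm:password) : nonce : H(method:uri) ), no qop."""
    ha1 = h(f"{user}:{realm}:{password}", algorithm)
    ha2 = h(f"{method}:{uri}", algorithm)
    return h(f"{ha1}:{nonce}:{ha2}", algorithm)

class DigestServer:
    """Toy verifier. Assumption: nonces are server-issued and single-use."""
    def __init__(self, realm, users, algorithm="md5"):
        self.realm, self.users, self.algorithm = realm, users, algorithm
        self.outstanding = set()  # nonces issued but not yet consumed

    def challenge(self) -> str:
        nonce = secrets.token_hex(16)
        self.outstanding.add(nonce)
        return nonce

    def verify(self, user, method, uri, nonce, response) -> bool:
        if nonce not in self.outstanding or user not in self.users:
            return False
        self.outstanding.discard(nonce)  # a nonce is spent on first use
        expected = digest_response(user, self.realm, self.users[user],
                                   method, uri, nonce, self.algorithm)
        return secrets.compare_digest(expected, response)

def demo(algorithm="md5"):
    # Constructed sample credentials, not taken from the thread.
    server = DigestServer("example-realm", {"alice": "constructed-password"}, algorithm)
    nonce1 = server.challenge()
    captured = digest_response("alice", "example-realm", "constructed-password",
                               "GET", "/app", nonce1, algorithm)
    first = server.verify("alice", "GET", "/app", nonce1, captured)
    # The sniffed response resent with the already-spent nonce.
    replay_same = server.verify("alice", "GET", "/app", nonce1, captured)
    # The sniffed response presented against a fresh challenge.
    replay_fresh = server.verify("alice", "GET", "/app", server.challenge(), captured)
    return first, replay_same, replay_fresh

if __name__ == "__main__":
    print(demo("md5"), demo("sha256"))
```

The rejection of the resent response depends on the verifier tracking which nonces it has issued and consumed; the hash choice changes only the digest function, not the nonce binding.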