Re: [wildfly-dev] Removing curl support from management HTTP

On Jan 8, 2014, at 2:00 PM, Aleksandar Kostadinov <akostadi(a)redhat.com&gt; wrote: > I'm not sure what other auth mechanism you are talking about. There > might be something new and very elaborated. Just a SHA based digest vs an MD5 one > > But the problem with non-encrypted connections is that any hash could be > used without the need to recover the plain text password. With cookies, > one can sniff and use them. That’s not true. Digest is a challenge response protocol that uses a nonce as part of the sent hash. A packet sniffed hash can’t be replayed. -- Jason T. Greene WildFly Lead / JBoss EAP Platform Architect JBoss, a division of Red Hat _______________________________________________ wildfly-dev mailing list wildfly-dev(a)lists.jboss.org https://lists.jboss.org/mailman/listinfo/wildfly-dev