[wildfly-dev] Push for CORS in WildFly 8

Darran Lofthouse darran.lofthouse at jboss.com
Wed Dec 11 07:26:39 EST 2013


On 11/12/13 10:53, Heiko Braun wrote:
> yes, but this is not true for digest auth. there are actually very few
> client environments that fully support digest out of the box.
>
> so i would say, this argument doesn't count as digest is  not any less
> complicated to use then any other more sophisticated auth mechanism.
>
> I agree to the TLS argument: for most other auth mechanisms i looked at
> it seems to be  requirement indeed.
> But can you elaborate why we cannot ship certificates (out of the box)

What you are talking about here is encrypting traffic with a key which 
is public knowledge.

 > that need to be replaced in production environments?

We know that will not happen in many installations - guaranteed!

> this would give us TLS and push the need to custom certificate creation
> beyond the out-of-the-box scenario.
>
>
>
>
> On 10 Dec 2013, at 19:00, Darran Lofthouse <darran.lofthouse at jboss.com
> <mailto:darran.lofthouse at jboss.com>> wrote:
>
>> The next issue is that by using standard HTTP authentication
>> mechanisms standard APIs can be used in many programming languages to
>> actually call the management interface without needing to know about
>> alternative authentication schemes.
>


More information about the wildfly-dev mailing list