[wildfly-dev] Removing curl support from management HTTP

Jason Greene jason.greene at redhat.com
Wed Jan 8 15:54:25 EST 2014


On Jan 8, 2014, at 2:00 PM, Aleksandar Kostadinov <akostadi at redhat.com> wrote:

> I'm not sure what other auth mechanism you are talking about. There
> might be something new and very elaborate.

Just a SHA based digest vs an MD5 one

> 
> But the problem with non-encrypted connections is that any hash could be 
> used without the need to recover the plain text password. With cookies, 
> one can sniff and use them.

That’s not true. Digest is a challenge-response protocol that uses a nonce as part of the sent hash. A packet-sniffed hash can’t be replayed.

--
Jason T. Greene
WildFly Lead / JBoss EAP Platform Architect
JBoss, a division of Red Hat
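
The nonce binding described in the message above, as an added example that is not part of the original post or WildFly's code. It follows the RFC 2617 qop=auth computation; the toy Server class, its single-use nonce policy, and the realm, user, password and URI are constructed assumptions.

```python
import hashlib
import hmac
import secrets

def h(algo, text):
    """Hex digest of text; algo is 'md5' or a SHA name such as 'sha256'."""
    return hashlib.new(algo, text.encode()).hexdigest()

def digest_response(algo, ha1, method, uri, nonce, nc, cnonce, qop="auth"):
    # RFC 2617 with qop=auth: H(HA1:nonce:nc:cnonce:qop:HA2)
    ha2 = h(algo, f"{method}:{uri}")
    return h(algo, f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")

class Server:
    """Hypothetical verifier: stores HA1, never the password; nonces are single-use."""
    def __init__(self, algo, realm, user, password):
        self.algo = algo
        self.ha1 = h(algo, f"{user}:{realm}:{password}")
        self.live_nonces = set()

    def challenge(self):
        nonce = secrets.token_hex(16)
        self.live_nonces.add(nonce)
        return nonce

    def verify(self, method, uri, nonce, nc, cnonce, response):
        if nonce not in self.live_nonces:
            return False                      # unknown or already consumed nonce
        self.live_nonces.discard(nonce)       # consume on first use
        expected = digest_response(self.algo, self.ha1, method, uri, nonce, nc, cnonce)
        return hmac.compare_digest(expected, response)

def demo(algo="md5"):
    realm, user, password = "example-realm", "admin", "constructed-password"
    server = Server(algo, realm, user, password)
    # Legitimate exchange: challenge, then a response bound to that nonce.
    nonce = server.challenge()
    ha1 = h(algo, f"{user}:{realm}:{password}")
    captured = ("GET", "/resource", nonce, "00000001", secrets.token_hex(8))
    response = digest_response(algo, ha1, *captured)
    legit = server.verify(*captured, response)
    # The captured fields presented again verbatim: the nonce is already consumed.
    same_nonce = server.verify(*captured, response)
    # The captured hash presented against a fresh challenge: the hash no longer matches.
    fresh = server.challenge()
    new_nonce = server.verify("GET", "/resource", fresh, captured[3], captured[4], response)
    return legit, same_nonce, new_nonce
```

demo() returns (True, False, False) for both the MD5 and SHA variants: only the response computed over the server's current nonce verifies.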



