Re: [Inf-IT DAVcl] Blank page,with Internet Explorer
- Subject: Re: [Inf-IT DAVcl] Blank page,with Internet Explorer
- From: Tobias Mueller <muelli@xxxxxxxxxxxxxx>
- Reply-to: davclients@xxxxxxxxxx
- Date: Mon, 04 Apr 2016 11:39:36 +0200
- To: davclients@xxxxxxxxxx
On Mo, 2016-04-04 at 11:21 +0300, Ján Máté wrote:
> If you read the documentation, there is a mention about incorrect
> implementation of Digest auth in lot of browsers (especially if used
hm. that's odd.
The only thing I could find is
which currently reads:
4.) Digest authentication problems and how to solve them (if your server uses digest auth)
- Why digest authentication is problematic?
- What to do to solve this problem?
a.) Disable the digest authentication and enable the basic authentication in your server config (NOTE: ALWAYS use SSL /https/ for basic authentication!)
b.) Alternatively (if it is not possible to switch to basic auth) you can try to enable the globalUseJqueryAuth option in config.js (NOTE: there is no guarantee that it will work in your browser)
NOTE: if you want to use the auth module /see 6.) c.) below/ you MUST use basic auth (there is no digest auth support in this module)!
Unfortunately, it doesn't point to any actually identified problem.
So for now, the claims are not substantiated and it looks as if
theterrible security advice is given without reason.
> So really don't use digest, use basic auth in combination WITH
Sure. But that's two separate issues, as TLS is not used for (client)
authentication. You probably want both, a reasonably secure encryption
as well as a reasonably secure authentication. Recommending to use the
less secure authentication without (very) good cause seems ill-advised