ws-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Oliver Cole <oliverc...@f2s.com>
Subject RE: HTTP Authentication again
Date Tue, 09 May 2006 08:17:59 GMT
I think its desirable from the point of view of intuitiveness. To give
you an example, I rarely need to consult the JDOM javadocs because
everything is so intuitive. This is A Good Thing.

As for it being a security risk, its still stored in a string in the
binary, and so is trivially locatable. Over the wire, it'll be
transmitted in exactly the same manner.

Regards,

Oli

On Tue, 2006-05-09 at 09:25 +0200, Schölver, Andreas wrote:
> Is a clear text password really desirable or is it a security issue?
> 
> Andreas
> 
> > -----Original Message-----
> > From: Martin Redington [mailto:m.redington@ucl.ac.uk] 
> > Sent: Monday, May 08, 2006 11:56 PM
> > To: xmlrpc-user@ws.apache.org
> > Subject: Re: HTTP Authentication again
> > 
> > 
> > 
> > I think I was one of the original complainers about this (Hi Danny),  
> > back in the day.
> > 
> > This is definitely desirable, imho ...
> > 
> > On 8 May 2006, at 17:07, Danny Angus wrote:
> > 
> > > Here is another one..
> > >
> > > ---------- Forwarded message ----------
> > > From: Marek 'MMx' Ludha <mludha@gmail.com>
> > > Date: 02-Mar-2006 20:41
> > > Subject: HTTP Authentication again
> > > To: xmlrpc-user@ws.apache.org
> > >
> > >> I also tried to put username and password into URL, like
> > >> config.setServerURL(new URL("http://admin:admin1@127.0.0.1:8080/ 
> > >> resource"));
> > >> but this sent request with no authentication information at all.
> > >> Therefore I want to ask if I am doing something wrong or 
> > what is the
> > >> recomended way to authenticate.
> > >
> > 
> > 
> 


Mime
View raw message