Hacker News

Shoots down Basic auth without SSL, without mentioning Digest auth, weird.



I'm not sure I've ever seen a scenario where digest authentication was a win.


That's a good suggestion - will see if we can add a para about it. We use digest authentication, fwiw.


There are many types of digest authentication - OAuth1.0a and Amazon's and Stormpath's custom schemes are examples. Browser-specific digest authentication wasn't covered, however, since the article was about REST APIs and most REST clients are not browsers.


I'm pretty sure he means RFC 2617 Digest authentication. There's nothing browser-specific about it.


I gathered as much. But in practice, how often do you see RFC 2617 Digest authc used in non-browser scenarios? (I'm genuinely curious. I haven't seen it used much at all outside of web browsers, so I'm curious what others may have come across).


I've written Atom Publishing Protocol servers that use it. It's not badly-suited for non-browser tasks (although yes, SSL and Basic is much simpler - if you don't mind paying for the certificate). It's unusual, but it's pretty unusual to use it (or Basic) for web browsers these days, too.



