A RetroSearch Logo

Home - News ( United States | United Kingdom | Italy | Germany ) - Football scores

Search Query:

Showing content from https://github.com/symfony/symfony/issues/24325 below:

[RFC] Deprecate HTTP Digest authentication · Issue #24325 · symfony/symfony · GitHub

Skip to content Navigation Menu

Saved searches Use saved searches to filter your results more quickly

Sign up You signed in with another tab or window. Reload to refresh your session. You signed out in another tab or window. Reload to refresh your session. You switched accounts on another tab or window. Reload to refresh your session. Dismiss alert Additional navigation options

[RFC] Deprecate HTTP Digest authentication #24325

Description Q A Bug report? no Feature request? no BC Break report? no RFC? yes Symfony version 3.4

We've been discussing this internally and we want to know the opinion of the community. In short, "HTTP Basic" is better because you can hash the password with Bcrypt ... but "HTTP Digest" sends the HA1=MD5(username:realm:password). Even if it's not the password in clear, if you get access to the HA1 value, you can log in in the application. So, "HTTP Digest" is generally considered less secure than any other authentication mechanism.

You can’t perform that action at this time.

RetroSearch is an open source project built by @garambo | Open a GitHub Issue

Search and Browse the WWW like it's 1997 | Search results from DuckDuckGo

HTML: 3.2 | Encoding: UTF-8 | Version: 0.7.3