Serve Your iCal Calendars Using WebDAV
Subject:   Digest vs. Basic Authentication
Date:   2002-09-24 07:52:00
From:   eray
Thanks for the feedback from everyone. As author of this article, I want to address the security concerns of using basic authentication. It's true that digest auth is better because it uses strong encryption to protect the username and password. However, the version of Apache that ships with Mac OS X 10.2, which I use for my server, is too old to implement digest auth correctly. It uses the deprecated mod_digest module instead of the correct mod_auth_digest shipping with current versions of Apache. I'm not sure why Apple is sticking with the out-of-date version of Apache and modules, but perhaps they will remedy that situation in the near future (I hope so). My attempts to use iCal with the older module failed, so I was left with only the basic auth option.

If you're doing mission-critical work, you definitely should use strong encryption. But basic auth has been used for many years and is only just beginning to be phased out. I think that for purposes of experimentation it's probably okay to use basic auth, but you're on your own. I've requested that the editors add a cautionary statement to the article to make sure people realise the risk.

Thanks for reading and sorry for any confusion.
