IPP> RE: MOD - Proposed new functionality for clients to invoke HTTP s ecur ity

IPP> RE: MOD - Proposed new functionality for clients to invoke HTTP s ecur ity

IPP> RE: MOD - Proposed new functionality for clients to invoke HTTP s ecur ity

Josh Cohen joshco at microsoft.com
Fri Mar 19 14:30:44 EST 1999


> Paul said:
>
> If a server supports anon and basic, even if I have a userid 
> and password my jobs get submitted as anonymous
> 
This is a good point, I doubt this scenario has been discussed
before.
Is a viable option to:
if you have credentials, why not just send them along
the first time ? 

My first thought was that this might result in sending the
creds to unauthorized sites, which is a security issue.
However, it really isnt, you'd send those creds anyway if
the server challenged you (provoked or unprovoked).
Either way, you'd need to know which servers are allowed
to receive which credentials if you want to avoid this.

And of course, hopefully your using digest, so that the
credentials are useless anyway.



More information about the Ipp mailing list