IPP> RE: MOD - Proposed new functionality for clients to invo ke HTTP s ecur ity

IPP> RE: MOD - Proposed new functionality for clients to invo ke HTTP s ecur ity

Paul Moore paulmo at microsoft.com
Fri Mar 19 15:44:07 EST 1999


How do I send the credntials? Digest, basic NTLM, XYZ? I dont know what the
server wants until it challnges me

-----Original Message-----
From: Josh Cohen [mailto:joshco at microsoft.com]
Sent: Friday, March 19, 1999 11:31 AM
To: Paul Moore; 'Manros, Carl-Uno B'
Cc: 'IETF-IPP'
Subject: IPP> RE: MOD - Proposed new functionality for clients to invoke
HTTP s ecur ity



> Paul said:
>
> If a server supports anon and basic, even if I have a userid 
> and password my jobs get submitted as anonymous
> 
This is a good point, I doubt this scenario has been discussed
before.
Is a viable option to:
if you have credentials, why not just send them along
the first time ? 

My first thought was that this might result in sending the
creds to unauthorized sites, which is a security issue.
However, it really isnt, you'd send those creds anyway if
the server challenged you (provoked or unprovoked).
Either way, you'd need to know which servers are allowed
to receive which credentials if you want to avoid this.

And of course, hopefully your using digest, so that the
credentials are useless anyway.



More information about the Ipp mailing list