[Live-devel] [request] WWW-Authenticate
Thiago A. Corrêa
thiago at remotevideo.com.br
Wed Sep 29 18:14:39 PDT 2004
> No, unfortunately the database really needs to store a password (and the
> database lookup function needs to return a password), so that the server
> can compute a correct digest response string (see
> "Authenticator::computeDigestResponse()" in "DigestAuthentication.cpp").
A
> digest response string (which the server computes in order to compare to
> the corresponding string that was sent by the client) is computed as:
> md5(md5(<username>:<realm>:<password>):<nonce>:md5(<cmd>:<url>))
> so the server needs to know the password in order to compute this.
It can't use a fake password then? Say, use <password> as something
different than what the client sent to us?
More information about the live-devel
mailing list