Recognizing a WebDAV enabled client

Manfred Baedke wrote:
> Hi Michael,
>
> what's really bad about programmatic clients and form
based 
> authentication is the fact that the form comes with
status code 200, 
> telling the client that everything is fine, and there
is really no 
> realiable way for the client to tell wether the
response body is the 
> intended content or a login form. Form based
authentication, as it is 
> widely used nowadays, is broken by design. Don't use
it.

ok, but what is the alternative? BASIC and DIGEST also have
issues 

Thanks

Michi

>
> Regards,
> Manfred
>
>
>


-- 
Michael Wechner
Wyona      -   Open Source Content Management   -    Apache
Lenya
http://www.wyona.com     
                http://lenya.apache.org
michael.wechnerwyona.com                        michiapache.org
+41 44 272 91 61

On Jul 3, 2006, at 7:48 AM, Michael Wechner wrote:

>
> Manfred Baedke wrote:
>> Hi Michael,
>>
>> what's really bad about programmatic clients and
form based  
>> authentication is the fact that the form comes with
status code  
>> 200, telling the client that everything is fine,
and there is  
>> really no realiable way for the client to tell
wether the response  
>> body is the intended content or a login form. Form
based  
>> authentication, as it is widely used nowadays, is
broken by  
>> design. Don't use it.
>
> ok, but what is the alternative? BASIC and DIGEST also
have issues 
>

This thread has come up other times and places - I'm sort
of curios  
to understand what people view as  the issues of Digest
inside TLS?