jsr339-experts@jax-rs-spec.java.net

[jsr339-experts] password auth at WebTarget only

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]

From: Bill Burke <bburke_at_redhat.com>
Date: Mon, 10 Dec 2012 10:38:37 -0500

I was thinking about this some more. Password-based authentication
should probably only be configured at the WebTarget level only. If done
at the Client level, couldn't the client be exposed to phishing attacks?
A rogue server could post a basic-auth challenge, and the Client could
unwittingly transmit the username/password to the rogue server.

-- 
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com

This message: [ Message body ]
Next message: Bill Burke: "[jsr339-experts] client builder API"
Previous message: Bill Burke: "[jsr339-experts] Re: [jax-rs-spec users] SSL and Authentication affect on client API"
Next in thread: Sergey Beryozkin: "[jsr339-experts] Re: password auth at WebTarget only"
Reply: Sergey Beryozkin: "[jsr339-experts] Re: password auth at WebTarget only"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]