--- Den tirs 8/6/10 skrev Witold Szczerba <pljosh.mail_at_gmail.com>:
> As far as I know, BASIC authentication is secure enough
> when it goes
> over SSL. It is even better than DIGEST over plain HTTP
> because SSL
> protects not only the password, but the content as well.
Except that SSL can't be used in most intranet applications and that SSL is slower.... So NO, SSL is not a golden hammer and a general lifeline for security.
I agree with the point raised that BASIC authentication is dangerous and should be deprecated. Jersey NEEDS to support DIGEST authentication!
/Morten