|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
http/spnego connections
From: Adam Tuliper (amt
gecko-software.com)
Date: Fri May 19 2006 - 08:32:57 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
I'm working on an implementation of kerberos/spnego (for windows - server side) and in reading the spnego rfc draft, I can't determine if this requires the browser to keep the connection open once the client sends the authorization header. There are some notes on usage with a proxy server which makes me think the connection needs to remain open, but in theory don't see why it would. I believe for NTLM the second and third phase of auth required the connection to remain open but am not sure if the same applies to spnego.
Thanks,
Adam Tuliper
www.secure-coding.com
-------------------------------------------------
Sent using http://www.DWmail.net, a free service
Check your email [any email, anytime, anywhere]
-------------------------------------------------
Disclaimer: DWmail.net is not responsible for the content sent via it's services. Additional header information is included regarding the source of an email. If you believe an email is junk you should look for the 'Originating IP' message header
-------------------------------------------------------------------------
Sponsored by: Watchfire
Watchfire named worldwide market share leader in web application security
assessment by leading market research firm. Watchfire's AppScan is the
industry's first and leading web application security testing suite, and
the only solution to provide comprehensive remediation tasks at every
level of the application. See for yourself.
Download a Free Trial of AppScan 6.0 today!
https://www.watchfire.com/securearea/appscansix.aspx?id=701300000007t9c
--------------------------------------------------------------------------
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]