WebApp Sec
mailing list archives
http/spnego connections
From: "Adam Tuliper" <amt () gecko-software com>
Date: 19 May 2006 13:32:57 -0000
I'm working on an implementation of Kerberos/SPNEGO (for Windows - server side) and in reading the SPNEGO RFC draft, I
can't determine if this requires the browser to keep the connection open once the client sends the authorization
header. There are some notes on usage with a proxy server which make me think the connection needs to remain open, but
in theory I don't see why it would. I believe for NTLM the second and third phase of auth required the connection to
remain open but am not sure if the same applies to SPNEGO.
Thanks,
Adam Tuliper
www.secure-coding.com