HTTP Digest Authentication

security apache http authentication digest

In this scenario where you have already a database of hashed passwords it's not possible to use digest authentication as far as they were not hashed using the same function.

I think the best solution for you here is create a login page and use cookie sessions to control the privileges of the users. With this solution you get the answer for the other questions:

The cookie can be set to be use between subdomains: http://en.wikipedia.org/wiki/HTTP_cookie#Cookie_attributes
The session is going to be valid until the users close the browser, the timeout expired or the users click in the logoff button. Never forget to offer this option to your users!!!

security apache http authentication digest

i think you can hash the user inputted password first with the same function used to store the passwords in the database, then pass it as a digest password and the rest of the procedure will be the same.

and you will have to pass username and password in the HTTP URL instead of the normal formhttp://www.rojotek.com/blog/2008/05/19/http-authentication-in-a-url/

CodeHunter

HTTP Digest Authentication

Recent Posts

How can I color dots in a xy scatterplot according to column value?

How to update a claim in ASP.NET Identity?

What does {0} mean when initializing an object?

Accessing members of items in a JSONArray with Java

How to log SQL statements in Spring Boot?

Powershell Get-WebSite name parameter is ignored

How to detect scroll to bottom of html element

Java synchronized method

How to test controllers with CodeIgniter?

Detect Visual Composer

Matplotlib: Specify format of floats for tick labels

Rails join a list of strings with commas and "and" before the last