WebApp Sec mailing list archives
http/spnego connections
From: "Adam Tuliper" <amt () gecko-software com>
Date: 19 May 2006 13:32:57 -0000
I'm working on an implementation of kerberos/spnego (for windows - server side) and in reading the spnego rfc draft, I can't determine if this requires the browser to keep the connection open once the client sends the authorization header. There are some notes on usage with a proxy server which makes me think the connection needs to remain open, but in theory don't see why it would. I believe for NTLM the second and third phase of auth required the connection to remain open but am not sure if the same applies to spnego. Thanks, Adam Tuliper www.secure-coding.com ------------------------------------------------- Sent using http://www.DWmail.net, a free service Check your email [any email, anytime, anywhere] ------------------------------------------------- Disclaimer: DWmail.net is not responsible for the content sent via it's services. Additional header information is included regarding the source of an email. If you believe an email is junk you should look for the 'Originating IP' message header ------------------------------------------------------------------------- Sponsored by: Watchfire Watchfire named worldwide market share leader in web application security assessment by leading market research firm. Watchfire's AppScan is the industry's first and leading web application security testing suite, and the only solution to provide comprehensive remediation tasks at every level of the application. See for yourself. Download a Free Trial of AppScan 6.0 today! https://www.watchfire.com/securearea/appscansix.aspx?id=701300000007t9c --------------------------------------------------------------------------
Current thread:
- Non SSL Bank Login Forms wilson . amajohn (May 18)
- Re: Non SSL Bank Login Forms Wil Clouser (May 18)
- Message not available
- Fwd: Non SSL Bank Login Forms John Kennedy (May 18)
- Message not available
- Message not available
- Fwd: Non SSL Bank Login Forms John Kennedy (May 18)
- Re: Non SSL Bank Login Forms Wil Clouser (May 18)
- Re: Non SSL Bank Login Forms Adam Tuliper (May 19)
- http/spnego connections Adam Tuliper (May 19)
- Re: http/spnego connections Saqib Ali (May 19)
- Re: http/spnego connections Adam Tuliper (May 19)
- Re: http/spnego connections Adam Tuliper (May 19)
- Re: Non SSL Bank Login Forms Don Jackson (May 19)
- <Possible follow-ups>
- RE: Non SSL Bank Login Forms James Strassburg (May 19)