[bug #57686] Basic Auth: make auth-no-challenge mode by default

bug-wget

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[bug #57686] Basic Auth: make auth-no-challenge mode by default

From:	Sergey Ponomarev
Subject:	[bug #57686] Basic Auth: make auth-no-challenge mode by default
Date:	Wed, 29 Jan 2020 08:23:37 -0500 (EST)
User-agent:	Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:72.0) Gecko/20100101 Firefox/72.0

Follow-up Comment #1, bug #57686 (project wget):

Ok, I figured out that the main reason for the challenge was not a security
but because we don't know which auth scheme uses server: basic or digest. So
in the response for the first request server returns `WWW-Auth digest` then it
will send password hash instead of clear password as for basic auth.

curl have an option -anyuth that works as wget by default.
So we can make `--auth-no-challenge` by default (i.e. send credentials without
pre-request) and add the same `-anyauth` option as curl have for those who
previous behavior.
I.e. make wget working the same as curl.

    _______________________________________________________

Reply to this item at:

  <https://savannah.gnu.org/bugs/?57686>

_______________________________________________
  Message sent via Savannah
  https://savannah.gnu.org/

[Prev in Thread]

Current Thread

[Next in Thread]

[bug #57686] Basic Auth: make auth-no-challenge mode by default, Sergey Ponomarev, 2020/01/28
- [bug #57686] Basic Auth: make auth-no-challenge mode by default, Sergey Ponomarev <=

Prev by Date: OPENSSL_config deprecation warning
Next by Date: wget/http compile error
Previous by thread: [bug #57686] Basic Auth: make auth-no-challenge mode by default
Next by thread: [bug #35122] --auth-no-challenge should not be required to send Basic auth over SSL
Index(es):
- Date
- Thread