Is this a new feature request?
Wanted change
Please add a header for the choice "form login" vs "basic authentication".
Reason for change
The current design with auto selection has some ugly issues:
- in basic auth a Fernet-encrypted password could be entered
- base64 decryption takes place after Fernet decryption, throwing and logging an error
- a user can bypass the admin's decision to use basic auth if he sets a cookie manually
Some of these problems are theoretical and hard to abuse, but a header for switching the auth method would be bulletproof, and trial-and-error for the right decryption algorithm is bad design.
Proposed code change
No response
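
A sketch of the explicit selection this request asks for, added here as an illustration and not code from the project. The header name `X-Ldap-Auth-Method`, the cookie name `session` and the `decrypt_cookie` callable (standing in for Fernet decryption) are assumptions, as is the reverse proxy overwriting any client-supplied value of that header.

```python
import base64
import binascii

# Hypothetical header name; the request asks for such a header but does not name it.
AUTH_METHOD_HEADER = "X-Ldap-Auth-Method"


class AuthError(Exception):
    """Credentials missing or malformed for the configured method."""


def _split_user_pass(text):
    user, sep, password = text.partition(":")
    if not sep or not user:
        raise AuthError("credentials are not in user:password form")
    return user, password


def extract_credentials(headers, cookies, decrypt_cookie, cookie_name="session"):
    """Return (user, password) using only the method the proxy selected.

    headers/cookies: plain dicts for one request (exact-case keys assumed).
    decrypt_cookie: callable(bytes) -> bytes, a stand-in for Fernet decryption.
    cookie_name: hypothetical default, not taken from the project.
    """
    method = headers.get(AUTH_METHOD_HEADER, "").lower()
    if method == "basic":
        # Cookies are ignored entirely, so a hand-set cookie cannot switch the method.
        scheme, _, value = headers.get("Authorization", "").partition(" ")
        if scheme.lower() != "basic" or not value:
            raise AuthError("basic auth configured but no Basic Authorization header")
        try:
            decoded = base64.b64decode(value, validate=True).decode("utf-8")
        except (binascii.Error, UnicodeDecodeError) as exc:
            raise AuthError("Authorization value is not valid base64") from exc
        return _split_user_pass(decoded)
    if method == "form":
        token = cookies.get(cookie_name)
        if not token:
            raise AuthError("form login configured but no session cookie")
        try:
            plain = decrypt_cookie(token.encode("ascii")).decode("utf-8")
        except Exception as exc:  # decryption failure is final: no base64 fallback
            raise AuthError("session cookie failed decryption") from exc
        return _split_user_pass(plain)
    # Fail closed when the proxy did not state a method.
    raise AuthError("auth method header missing or unknown")
```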