References On The Internet:
unixpapa.com
A Guide to Web Authentication Alternatives
Recommended reading for a thorough overview of matters surrounding
authentication on HTTP servers. Includes the interesting observation
that the chance of guessing the correct MD5 hash of a username/password combination
is:
1 in 340,282,366,920,938,463,463,374,607,431,768,211,456
securiteam.com
Considerations for IIS Authentication
Describes how using the built-in authentication mechanisms
of IIS allows the brute forcing of administrator accounts.
extremetech.com
Additional Internet Explorer/Apache Problems Surface
IIS must be run on the same machine that is the domain controller
for digest authentication to work.
eweek.com
IE, Apache Clash on Web Standard
The Apache foundation refuses to support the Internet Explorer version of digest authentication.
microsoft.com
Microsoft Knowledge Base Article - 222028
If the server running IIS is not an Active Directory server,
or does not have access to the Active Directory, digest authentication will not work.
msdn
Performance Comparison: Security Design Choices
Building Distributed Applications with .NET
msdn
Building and Configuring More Secure Web Sites
Security Best Practices for Windows 2000 Advanced Server, Internet Information Services 5.0, SQL Server 2000, and the .NET Framework
15seconds.com
15 Seconds : Complying with IT's Security Requirements for Web Applications
robertgraham.com
Network sniffing FAQ detailing the theoretical and practical requirements to mount password sniffing attacks.
rfc2616 * Hypertext Transfer Protocol -- HTTP/1.1
rfc2617 * HTTP Authentication: Basic and Digest Access Authentication
rfc1321 * The MD5 Message-Digest Algorithm
rfc2396 * Uniform Resource Identifiers (URI): Generic Syntax
rfc2965 * HTTP State Management Mechanism
rfc2109 * HTTP State Management Mechanism
rfc2045 * Multipurpose Internet Mail Extensions (MIME) Part One: Format of Internet Message Bodies
rfc2869 * RADIUS Extensions
rfc2139 * RADIUS Accounting
rfc2865 * Remote Authentication Dial In User Service (RADIUS)
rfc2828 * Internet Security Glossary