A Browser Question

Started by Odos, Sep 04, 2010, 01:39:38

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

Odos

A question for all you web browser experts. Today I discovered a browser I'd never heard of before ( Maxthon ) even though it's been around for a number of years. It uses the IE engine but unlike IE it's fully customisable skins/plugins etc, even to the extent of of being able to move individual items of the menu bar to wherever you want them. After playing with it a few hours I like it.

I'm using windows 7 so the IE engine is IE8, I'm also using at this time a speedtouch router. Now because of the way IE8 is coded I can't log into my routers web interface with IE or Maxthon unless I disable "digestauth" in the speedtouch via telnet. Googling that CLI command tells me it has something to do with HTML login authentication.

Finally to the question, does anyone know, as regards security, is it safe to disable digestauth?  :dunno:

Tony

DorsetBoy

Digestauth is a higher level of security for logins, if you disable it does your router revert to standard authentication?

As to IE8, have you looked at Internet settings? Protected mode may have some bearing on this.

Odos

Quote from: DorsetBoy on Sep 04, 2010, 07:29:03
Digestauth is a higher level of security for logins, if you disable it does your router revert to standard authentication?

I assume so though I don't know for sure. All I know is that with it disabled I can log into the router with IE8 and Maxthon no problem :dunno:


Quote from: DorsetBoy on Sep 04, 2010, 07:29:03
As to IE8, have you looked at Internet settings? Protected mode may have some bearing on this.

Nope not in this particular case. I spent hours trawling the net, trying different solutions. Tried switching off protected mode, tried this, tried that but nothing worked. Then I found mention that it was a coding incompatibility between Speedtouch routers and IE8. Something to do with one of the Broadcom chips they use I'm led to believe. Anyway I turned off digestauth and everything worked fine.

Being a bit paranoid about security I wondered if turning it off puts my machine at more risk  :eek4:

Tony

esh

Digestauth is a slightly more secure way of logging into HTTP authenticated pages than the default, which is plaintext, but it never took off. This is mostly because people use more advanced methods such as PHP and Java over HTTPS to provide such facilities, which is fully encrypted. Many web servers don't implement digestauth properly, and not that many browsers support it, in which case the standard protocol is to fall back to plaintext. I don't think anything you come across online (especially anything serious, like online banking) will use digestauth; all it will do is protect a directory or file from access, not provide you with a user login as such. It's an old security mechanism, to be honest.
CompuServe 28.8k/33.6k 1994-1998, BT 56k 1998-2001, NTL Cable 512k 2001-2004, 2x F2S 1M 2004-2008, IDNet 8M 2008 - LLU 11M 2011