New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
No Option to Specify HTTP Digest Authentication #7348
Comments
Pre-emptively sending credentials amounts to a security disclosure. You are sending credentials that can easily be converted to plain text. Also, I still can't get it to work with 9febb7e, even with See attached in 9febb7e it warns me the connect is unsecured, even though I'm using SSL and it still tries to use basic authentication, even when I have pre-emptive basic authentication disabled |
Same error. It looks like it is ignoring my ch.sudo.cyberduck webdav.basic.preemptive setting. Here is the log:
|
I suppose the problem is that you have installed Cyberduck from the Mac App Store as well and there are user defaults for the sandboxed version of Cyberduck in As a workaround you can remove the application data in |
CyberDuck always tries a HTTP/Authenticate with Basic with WebDAV first, even if the connection is not protected with SSL or TLS.
WebDAV RFC 4918 (sect 20.1) states "Basic authentication MUST NOT be used to authenticate a WebDAV client to a server unless the connection is secure."
Attachments
CyberDuck 7348 c.png
(449.4 KiB)Cyberduck 7348 a.png
(899.8 KiB)Cyberduck 7348 b.png
(33.2 KiB)The text was updated successfully, but these errors were encountered: