search

subdavis / Tusk

🐘 🔒 KeePass-compatible browser extension for filling passwords.
https://subdavis.com/Tusk
Other
483 stars 74 forks source link

digest authentication for WebDAV #124

Closed kleinfelter closed 2 months ago

kleinfelter commented 6 years ago

This issue is a

Please describe the current behavior, and explain why it's bad.

It looks like Tusk uses only basic auth for WebDAV. I set up a WebDAV share, I validated that it worked with my Tusk user ID/pass using another WebDAV client. When I use the same URL, ID, and password with Tusk, my Apache error log says "client used wrong authentication scheme `Basic': /tusk/"

Please describe how you think it should change.

I really don't want to be sending my WebDAV credentials in basic auth on http (and yes, it would only be my tusk WebDAV, but security is a multi-layered thing).

Anything else?

subdavis commented 6 years ago

This is a great suggestion, but not a feature I'm likely to get around to implementing in the near future.

In the meantime, consider implementing SSL on your webdav share.

Thanks!