Slashdot Mirror

← Back to Stories (view on slashdot.org)

IE, Apache Clash on Web Standard

Posted by krow on from the are-the-malicious,-or-just-idiots dept.

sbsea1 writes "Here is another instance where Microsoft is going one way and everybody else going to other. eWEEK Labs found that Microsoft is using a different implentation of digest authentication which differs from the W3C's digest authentication standards. Internet Explorer Version 5.0 and higher--as well as Microsoft's IIS Web server--has a significant security incompatibility with other major Web browsers and with the Apache Software Foundation's Apache HTTP Web server."

7 of 51 comments (clear)

  1. doesnt look that bad... by jeffy124 · · Score: 5, Insightful

    the article says that even MS spokespeople are admitting that it's a bug. I dont see it as anything to get all up in arms and angry about.

    --
    The One Rule Of Chess You'll Ever Need: Don't play someone who carries a kit in their bookbag.
    1. Re:doesnt look that bad... by questionlp · · Score: 2, Insightful
      Blockquoth the poster:
      I dont see it as anything to get all up in arms and angry about.
      Remember, this is /. If it's about Microsoft and it goes against anything open or standard, then everyone will get pissy. If it were Netscape or Opera, then it will be passed of as a fluke.
    2. Re:doesnt look that bad... by jeffy124 · · Score: 2, Insightful

      oh i'm definitely aware of the anti-microsofties there are at /. I just think it's good to point out to those that skip straight to the comments that MS is taking it seriously and not trying to change the embrace/extend yet another standard like they have in the past, which was implied by the original poster: Here is another instance where Microsoft is going one way and everybody else going to other

      --
      The One Rule Of Chess You'll Ever Need: Don't play someone who carries a kit in their bookbag.
  2. A bug? I think not... by Mr.+Muse · · Score: 2, Insightful

    ...MS spokespeople are admitting that it's a bug...

    This incompatibility has been in place for about 2 years in IE, and is also built-in to IIS. That is not an oversite. That is yet another example of a company trying to pick and choose which standards they can disregard with impunity.

    Make no mistake, Microsoft aren't going to willingly "comply" with any technology or standard that facilitates fair competition.

  3. Re:It's not a clash it's a discussion ;) by Anonymous Coward · · Score: 1, Insightful

    But IE is the de-facto standard. IE isn't going anywhere for a while. Is Apache really willing to stare down IIS? If it does, there's the distinct possibility that it will be relegated to the niche non-Microsoft market.

  4. Re:It's not a clash it's a discussion ;) by software_non_olet · · Score: 3, Insightful

    I agree, IE is the de-facto standard for browsers.

    Hence it breaks down to standard browser against standard server.

    But there is no need to give up too early from Apache's side. The function is not in wide use yet and will not in the near future IMO. If a web apllication needs authenticication, it will probably also need encryption of the data somewhere down the menu-tree (if only to change the password). Allthough SSL has a higher price-tag (in dollars or cpu-cycles), it also has the advantage of being supported by practically all browsers.

    Time for discussions - not for early give-ins.

  5. Re:Clash on web standard? by Anonymous Coward · · Score: 1, Insightful

    With digest authentication there is only one correct answer. If you can interop with anyone else, the chance you're wrong is vanishingly small. Why then is a nonprofit development team for free software supposed to pay a vendor money for the privilege of proving that vendor's employees aren't fit to read an RFC, when everyone pretty much already knew that? Microsoft blew it, and they would have known that if they had tested with anyone outside themselves.