A question for all you web browser experts. Today I discovered a browser I'd never heard of before ( Maxthon (http://www.maxthon.com/) ) even though it's been around for a number of years. It uses the IE engine but unlike IE it's fully customisable skins/plugins etc, even to the extent of of being able to move individual items of the menu bar to wherever you want them. After playing with it a few hours I like it.
I'm using windows 7 so the IE engine is IE8, I'm also using at this time a speedtouch router. Now because of the way IE8 is coded I can't log into my routers web interface with IE or Maxthon unless I disable "digestauth" in the speedtouch via telnet. Googling that CLI command tells me it has something to do with HTML login authentication.
Finally to the question, does anyone know, as regards security, is it safe to disable digestauth? :dunno:
Digestauth is a higher level of security for logins, if you disable it does your router revert to standard authentication?
As to IE8, have you looked at Internet settings? Protected mode may have some bearing on this.
Quote from: DorsetBoy on Sep 04, 2010, 07:29:03
Digestauth is a higher level of security for logins, if you disable it does your router revert to standard authentication?
I assume so though I don't know for sure. All I know is that with it disabled I can log into the router with IE8 and Maxthon no problem :dunno:
Quote from: DorsetBoy on Sep 04, 2010, 07:29:03
As to IE8, have you looked at Internet settings? Protected mode may have some bearing on this.
Nope not in this particular case. I spent hours trawling the net, trying different solutions. Tried switching off protected mode, tried this, tried that but nothing worked. Then I found mention that it was a coding incompatibility between Speedtouch routers and IE8. Something to do with one of the Broadcom chips they use I'm led to believe. Anyway I turned off digestauth and everything worked fine.
Being a bit paranoid about security I wondered if turning it off puts my machine at more risk :eek4:
Digestauth is a slightly more secure way of logging into HTTP authenticated pages than the default, which is plaintext, but it never took off. This is mostly because people use more advanced methods such as PHP and Java over HTTPS to provide such facilities, which is fully encrypted. Many web servers don't implement digestauth properly, and not that many browsers support it, in which case the standard protocol is to fall back to plaintext. I don't think anything you come across online (especially anything serious, like online banking) will use digestauth; all it will do is protect a directory or file from access, not provide you with a user login as such. It's an old security mechanism, to be honest.