Digest authentication credentials may be visible to other applications that are based on the WinINet API that also use Digest authentication (898656)
The information in this article applies to:
- Microsoft Internet Explorer (Programming)
SYMPTOMSDigest authentication credentials that are used in an application that is based on the Microsoft Windows Internet (WinINet) API may be visible to other applications that are based on the WinINet API that also use Digest authentication. Applications that are based on the WinINet API include
the following applications:
- Microsoft Internet Explorer
- Microsoft Outlook Express
- Custom applications that use the WinINet API
For example, you connect to a URL by using Digest
authentication in a custom application that is based on the WinINet API. Then, you start
Internet Explorer, and you try to connect to the same URL. When you do this, the authentication dialog
box that appears already contains the user name and password that
you used in the custom application. To connect to the URL, you
just click OK. You can save
the password for
future sessions by using the authentication
dialog box. Note This problem also occurs after you close the custom application if Internet Explorer was running when the custom application connected to the
URL. CAUSEThis problem occurs because Digest authentication
credentials are cached across processes. The Digest.dll file
implements its own credential cache. This credential
cache is shared across processes through a memory-mapped file. The memory-mapped file is destroyed only when all
processes that
use Digest authentication are closed.
Note Both Internet Explorer and Outlook Express use the Digest.dll file for
Digest authentication in the WinINet API.STATUSMicrosoft
has confirmed that this is a problem in the Microsoft products that are listed
in the "Applies to" section.
| Modification Type: | Major | Last Reviewed: | 6/24/2005 |
|---|
| Keywords: | kbProgramming kbAuthentication kbtshoot kbprb KB898656 kbAudDeveloper kbAudITPRO |
|---|
|