Posted to dev@knox.apache.org by "Kevin Minder (JIRA)" <ji...@apache.org> on 2013/07/18 20:32:51 UTC

[jira] [Updated] (KNOX-30) Limit HTTP basic auth challenges to HTTPS

     [ https://issues.apache.org/jira/browse/KNOX-30?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Kevin Minder updated KNOX-30:
-----------------------------

          Component/s: Server
    Affects Version/s: 0.2.0
             Assignee: Larry McCay  (was: Kevin Minder)
    
> Limit HTTP basic auth challenges to HTTPS
> -----------------------------------------
>
>                 Key: KNOX-30
>                 URL: https://issues.apache.org/jira/browse/KNOX-30
>             Project: Apache Knox
>          Issue Type: New Feature
>          Components: Server
>    Affects Versions: 0.2.0
>            Reporter: Kevin Minder
>            Assignee: Larry McCay
>             Fix For: 0.2.0
>
>
> From BUG-4308
> In general the only standard way to provide credentials for a REST API call is via basic auth.  This is inherently insecure.  The gateway should at least optionally refuse to challenge over HTTP but more ideally would redirect to an HTTPS endpoint and challenge for credentials.
