You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by ig...@apache.org on 2012/12/01 10:56:31 UTC
svn commit: r1415962 - in /httpd/httpd/branches/2.2.x/docs/manual/mod: ./
mod_auth_digest.xml
Author: igalic
Date: Sat Dec 1 09:56:30 2012
New Revision: 1415962
URL: http://svn.apache.org/viewvc?rev=1415962&view=rev
Log:
merge r1415960
Modified:
httpd/httpd/branches/2.2.x/docs/manual/mod/ (props changed)
httpd/httpd/branches/2.2.x/docs/manual/mod/mod_auth_digest.xml
Propchange: httpd/httpd/branches/2.2.x/docs/manual/mod/
------------------------------------------------------------------------------
Merged /httpd/httpd/trunk/docs/manual/mod:r1415960
Modified: httpd/httpd/branches/2.2.x/docs/manual/mod/mod_auth_digest.xml
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/docs/manual/mod/mod_auth_digest.xml?rev=1415962&r1=1415961&r2=1415962&view=diff
==============================================================================
--- httpd/httpd/branches/2.2.x/docs/manual/mod/mod_auth_digest.xml (original)
+++ httpd/httpd/branches/2.2.x/docs/manual/mod/mod_auth_digest.xml Sat Dec 1 09:56:30 2012
@@ -71,57 +71,11 @@
<note><title>Note</title>
<p>Digest authentication is more secure than Basic authentication,
- but only works with supporting browsers. As of September 2004, major
- browsers that support digest authentication include <a
- href="http://www.w3.org/Amaya/">Amaya</a>, <a
- href="http://konqueror.kde.org/">Konqueror</a>, <a
- href="http://www.microsoft.com/windows/ie/">MS Internet Explorer</a>
- for Mac OS X and Windows (although the Windows version fails when
- used with a query string -- see "<a href="#msie" >Working with MS
- Internet Explorer</a>" below for a workaround), <a
- href="http://www.mozilla.org">Mozilla</a>, <a
- href="http://channels.netscape.com/ns/browsers/download.jsp">
- Netscape</a> 7, <a href="http://www.opera.com/">Opera</a>, and <a
- href="http://www.apple.com/safari/">Safari</a>. <a
- href="http://lynx.isc.org/">lynx</a> does <strong>not</strong>
- support digest authentication. Since digest authentication is not as
- widely implemented as basic authentication, you should use it only
- in environments where all users will have supporting browsers.</p>
+ but only works with supporting browsers. As of this writing (December
+ 2012) all major browsers support digest authentication.</p>
</note>
</section>
-<section id="msie"><title>Working with MS Internet Explorer</title>
- <p>The Digest authentication implementation in previous Internet
- Explorer for Windows versions (5 and 6) had issues, namely that
- <code>GET</code> requests with a query string were not RFC compliant.
- There are a few ways to work around this issue.</p>
-
- <p>
- The first way is to use <code>POST</code> requests instead of
- <code>GET</code> requests to pass data to your program. This method
- is the simplest approach if your application can work with this
- limitation.
- </p>
-
- <p>Since version 2.0.51 Apache also provides a workaround in the
- <code>AuthDigestEnableQueryStringHack</code> environment variable.
- If <code>AuthDigestEnableQueryStringHack</code> is set for the
- request, Apache will take steps to work around the MSIE bug and
- remove the query string from the digest comparison. Using this
- method would look similar to the following.</p>
-
- <example><title>Using Digest Authentication with MSIE:</title>
- BrowserMatch "MSIE" AuthDigestEnableQueryStringHack=On
- </example>
-
- <p>This workaround is not necessary for MSIE 7, though enabling it does
- not cause any compatibility issues or significant overhead.</p>
-
- <p>See the <directive module="mod_setenvif">BrowserMatch</directive>
- directive for more details on conditionally setting environment
- variables.</p>
-</section>
-
<directivesynopsis>
<name>AuthDigestProvider</name>