You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by pe...@apache.org on 2004/09/15 06:49:06 UTC
cvs commit: httpd-docs-1.3/htdocs/manual/mod mod_auth_digest.html

pepper      2004/09/14 21:49:05

  Modified:    htdocs/manual/mod mod_auth_digest.html
  Log:
  	Update the description of digest support for 2004, adding Konqueror, Mac IE, and Safari as supporting browsers, and lynx as an (apparently) non-supporting browser. Confirmation that this is the official home of lynx would be welcome -- lynx.browser.org and UKans both have older versions.
  
  	I *believe* IE/Mac (which has a much different code base than IE/Win) doesn't have the GET bug described on Windows -- at least I can request a URL like "http://myhost/?testing" and successfully log in and get to http://myhost/, but I'm not sure if there's a subtlety I missed. I also alphabetized the (fairly long) list of browsers (keeping Mozilla and Netscape together), and toned down the warning about lack of support, since everything but lynx now seems to handle digest auth.
  
  Revision  Changes    Path
  1.15      +17 -11    httpd-docs-1.3/htdocs/manual/mod/mod_auth_digest.html
  
  Index: mod_auth_digest.html
  ===================================================================
  RCS file: /home/cvs/httpd-docs-1.3/htdocs/manual/mod/mod_auth_digest.html,v
  retrieving revision 1.14
  retrieving revision 1.15
  diff -u -r1.14 -r1.15
  --- mod_auth_digest.html	13 May 2003 07:43:01 -0000	1.14
  +++ mod_auth_digest.html	15 Sep 2004 04:49:05 -0000	1.15
  @@ -90,17 +90,23 @@
     &lt;/Location&gt;
   </pre>
   
  -    <p><strong>Note:</strong> MD5 authentication provides a more
  -    secure password system than Basic authentication, but only
  -    works with supporting browsers. As of this writing (October
  -    2001), the only major browsers which support digest
  -    authentication are <a href="http://www.opera.com/">Opera
  -    4.0</a>, <a href="http://www.microsoft.com/windows/ie/">MS
  -    Internet Explorer 5.0</a> and <a
  -    href="http://www.w3.org/Amaya/">Amaya</a>. Therefore, we do not
  -    yet recommend using this feature on a large Internet site.
  -    However, for personal and intra-net use, where browser users
  -    can be controlled, it is ideal.</p>
  +    <p><strong>Note:</strong> Digest authentication is more secure than
  +    Basic authentication, but only works with supporting browsers. As of
  +    September 2004, major browsers that support digest authentication
  +    include <a href="http://www.w3.org/Amaya/">Amaya</a>, <a
  +    href="http://konqueror.kde.org/">Konqueror</a>, <a
  +    href="http://www.microsoft.com/windows/ie/">MS Internet Explorer</a>
  +    for Mac OS X and Windows (although the Windows version fails when
  +    used with a query string -- see "<a href="#msie" >Working with MS
  +    Internet Explorer</a>" below for a workaround), <a
  +    href="http://www.mozilla.org">Mozilla</a>, <a
  +    href="http://channels.netscape.com/ns/browsers/download.jsp">
  +    Netscape</a> 7, <a href="http://www.opera.com/">Opera</a>, and <a
  +    href="http://www.apple.com/safari/">Safari</a>. <a
  +    href="http://lynx.isc.org/">lynx</a> does <strong>not</strong>
  +    support digest authentication. Since digest authentication is not as
  +    widely implemented as basic authentication, you should use it only
  +    in environments where all users will have supporting browsers.</p>
       <hr />
   
       <h2><a id="authdigestfile"