You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@mesos.apache.org by "Benno Evers (JIRA)" <ji...@apache.org> on 2017/09/27 09:09:00 UTC

[jira] [Created] (MESOS-8023) Warn users trying to use HTTP Basic Authentication over non-secure channels

Benno Evers created MESOS-8023:
----------------------------------

             Summary: Warn users trying to use HTTP Basic Authentication over non-secure channels
                 Key: MESOS-8023
                 URL: https://issues.apache.org/jira/browse/MESOS-8023
             Project: Mesos
          Issue Type: Improvement
            Reporter: Benno Evers


Since the Basic authentication submits passwords and usernames in plain text, it should only be used when the connection is already secured through another layer, e.g. when using HTTPS.

Since many users are not aware of this fact, Mesos should try to detect warn about this situation where possible, to prevent accidental leaking of passwords.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)