You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by sf...@apache.org on 2014/01/05 17:18:47 UTC
svn commit: r1555559 - in /httpd/httpd/branches/2.4.x: ./
docs/manual/howto/auth.xml
Author: sf
Date: Sun Jan 5 16:18:46 2014
New Revision: 1555559
URL: http://svn.apache.org/r1555559
Log:
Merge r1555555 from trunk:
axe one more case of digest auth being described as secure
Modified:
httpd/httpd/branches/2.4.x/ (props changed)
httpd/httpd/branches/2.4.x/docs/manual/howto/auth.xml
Propchange: httpd/httpd/branches/2.4.x/
------------------------------------------------------------------------------
Merged /httpd/httpd/trunk:r1555555
Modified: httpd/httpd/branches/2.4.x/docs/manual/howto/auth.xml
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/docs/manual/howto/auth.xml?rev=1555559&r1=1555558&r2=1555559&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/docs/manual/howto/auth.xml (original)
+++ httpd/httpd/branches/2.4.x/docs/manual/howto/auth.xml Sun Jan 5 16:18:46 2014
@@ -218,8 +218,9 @@ Require user rbowen
highly sensitive data, unless accompanied by <module>mod_ssl</module>.
Apache supports one other authentication method:
<code>AuthType Digest</code>. This method is implemented by <module
- >mod_auth_digest</module> and is much more secure. Most recent
- browsers support Digest authentication.</p>
+ >mod_auth_digest</module> and was intended to be more secure. This is no
+ longer the case and the connection should be encrypted with <module
+ >mod_ssl</module> instead.</p>
<p>The <directive module="mod_authn_core">AuthName</directive> directive sets
the <dfn>Realm</dfn> to be used in the authentication. The realm serves