You are viewing a plain text version of this content. The canonical link for it is here.
Posted to docs@httpd.apache.org by bu...@apache.org on 2016/08/19 00:14:09 UTC
[Bug 60020] New: Auth xml
https://bz.apache.org/bugzilla/show_bug.cgi?id=60020
Bug ID: 60020
Summary: Auth xml
Product: Apache httpd-2
Version: 2.5-HEAD
Hardware: All
OS: All
Status: NEW
Severity: normal
Priority: P2
Component: Documentation
Assignee: docs@httpd.apache.org
Reporter: ljgbpfeiffer@googlemail.com
Hello,
I want to check if this text is legit or we should change this text, im not
sure but it does not sounds good to me:
" <module>mod_ssl</module>.
Apache supports one other authentication method:
<code>AuthType Digest</code>. This method is implemented by <module
>mod_auth_digest</module> and was intended to be more secure. This is no
longer the case and the connection should be encrypted with <module
>mod_ssl</module> instead.</p> "
the phrase " and was intended to be more secure." its kinda strange...
any opinions?
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: docs-unsubscribe@httpd.apache.org
For additional commands, e-mail: docs-help@httpd.apache.org
[Bug 60020] Auth xml
Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=60020
Luis Gil de Bernabé P. <lg...@apache.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Resolution|--- |FIXED
Status|NEW |RESOLVED
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: docs-unsubscribe@httpd.apache.org
For additional commands, e-mail: docs-help@httpd.apache.org
[Bug 60020] Auth xml
Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=60020
--- Comment #1 from Rich Bowen <rb...@apache.org> ---
What I was trying to communicate was that the intent of the Digest auth method
was that it be more secure, but it has since been discovered how easy it is to
record and play back the request, so that you don't actually need to know the
password.
Other phrasings are welcomed.
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: docs-unsubscribe@httpd.apache.org
For additional commands, e-mail: docs-help@httpd.apache.org