You are viewing a plain text version of this content. The canonical link for it is here.

Posted to docs@httpd.apache.org by bu...@apache.org on 2016/08/19 00:14:09 UTC

[Bug 60020] New: Auth xml

https://bz.apache.org/bugzilla/show_bug.cgi?id=60020

            Bug ID: 60020
           Summary: Auth xml
           Product: Apache httpd-2
           Version: 2.5-HEAD
          Hardware: All
                OS: All
            Status: NEW
          Severity: normal
          Priority: P2
         Component: Documentation
          Assignee: docs@httpd.apache.org
          Reporter: ljgbpfeiffer@googlemail.com

Hello, 
I want to check if this text is legit or we should change this text, im not
sure but it does not sounds good to me: 

" <module>mod_ssl</module>.
    Apache supports one other authentication method:
    <code>AuthType Digest</code>. This method is implemented by <module
    >mod_auth_digest</module> and was intended to be more secure. This is no
    longer the case and the connection should be encrypted with <module
    >mod_ssl</module> instead.</p>  "


the phrase " and was intended to be more secure." its kinda strange... 

any opinions?

-- 
You are receiving this mail because:
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: docs-unsubscribe@httpd.apache.org
For additional commands, e-mail: docs-help@httpd.apache.org

[Bug 60020] Auth xml

Posted by bu...@apache.org.

https://bz.apache.org/bugzilla/show_bug.cgi?id=60020

Luis Gil de Bernabé P. <lg...@apache.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|---                         |FIXED
             Status|NEW                         |RESOLVED

-- 
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: docs-unsubscribe@httpd.apache.org
For additional commands, e-mail: docs-help@httpd.apache.org

[Bug 60020] Auth xml

Posted by bu...@apache.org.

https://bz.apache.org/bugzilla/show_bug.cgi?id=60020

--- Comment #1 from Rich Bowen <rb...@apache.org> ---
What I was trying to communicate was that the intent of the Digest auth method
was that it be more secure, but it has since been discovered how easy it is to
record and play back the request, so that you don't actually need to know the
password.

Other phrasings are welcomed.

-- 
You are receiving this mail because:
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: docs-unsubscribe@httpd.apache.org
For additional commands, e-mail: docs-help@httpd.apache.org