You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by pe...@apache.org on 2004/09/19 06:20:38 UTC
cvs commit: httpd-2.0/docs/manual/mod mod_auth_digest.xml
pepper 2004/09/18 21:20:38
Modified: docs/manual/mod mod_auth_digest.xml
Log:
Update the description of digest support for 2004, adding Konqueror, Mac IE, and Safari as supporting browsers, and lynx as an (apparently) non-supporting browser. Confirmation of the official lynx home would be welcome -- lynx.browser.org and UKans both have older versions.
I *believe* IE/Mac (which has a much different code base than IE/Win) doesn't have the GET bug described on Windows -- at least I can request a URL like "http://myhost/?testing" and successfully log in and get to http://myhost/, but I'm not sure if there's a subtlety I missed. I also alphabetized the (fairly long) list of browsers (keeping Mozilla and Netscape together), and toned down the warning about lack of support, since everything but lynx now seems to handle digest auth.
Revision Changes Path
1.20 +20 -16 httpd-2.0/docs/manual/mod/mod_auth_digest.xml
Index: mod_auth_digest.xml
===================================================================
RCS file: /home/cvs/httpd-2.0/docs/manual/mod/mod_auth_digest.xml,v
retrieving revision 1.19
retrieving revision 1.20
diff -u -r1.19 -r1.20
--- mod_auth_digest.xml 5 Aug 2004 11:56:47 -0000 1.19
+++ mod_auth_digest.xml 19 Sep 2004 04:20:37 -0000 1.20
@@ -68,27 +68,31 @@
</example>
<note><title>Note</title>
- <p>Digest authentication provides a more secure password system
- than Basic authentication, but only works with supporting
- browsers. As of November 2002, the major browsers that support digest
- authentication are <a href="http://www.opera.com/">Opera</a>, <a
- href="http://www.microsoft.com/windows/ie/">MS Internet
- Explorer</a> (fails when used with a query string - see "<a href="#msie"
- >Working with MS Internet Explorer</a>" below for a workaround), <a
+ <p>Digest authentication is more secure than Basic authentication,
+ but only works with supporting browsers. As of September 2004, major
+ browsers that support digest authentication include <a
href="http://www.w3.org/Amaya/">Amaya</a>, <a
- href="http://www.mozilla.org">Mozilla</a> and <a
- href="http://channels.netscape.com/ns/browsers/download.jsp"
- >Netscape</a> since version 7. Since digest
- authentication is not as widely implemented as basic
- authentication, you should use it only in controlled environments.</p>
+ href="http://konqueror.kde.org/">Konqueror</a>, <a
+ href="http://www.microsoft.com/windows/ie/">MS Internet Explorer</a>
+ for Mac OS X and Windows (although the Windows version fails when
+ used with a query string -- see "<a href="#msie" >Working with MS
+ Internet Explorer</a>" below for a workaround), <a
+ href="http://www.mozilla.org">Mozilla</a>, <a
+ href="http://channels.netscape.com/ns/browsers/download.jsp">
+ Netscape</a> 7, <a href="http://www.opera.com/">Opera</a>, and <a
+ href="http://www.apple.com/safari/">Safari</a>. <a
+ href="http://lynx.isc.org/">lynx</a> does <strong>not</strong>
+ support digest authentication. Since digest authentication is not as
+ widely implemented as basic authentication, you should use it only
+ in environments where all users will have supporting browsers.</p>
</note>
</section>
<section id="msie"><title>Working with MS Internet Explorer</title>
<p>The Digest authentication implementation in current Internet
- Explorer implementations has known issues, namely that <code>GET</code>
- requests with a query string are not RFC compliant. There are a
- few ways to work around this issue.</p>
+ Explorer for Windows implementations has known issues, namely that
+ <code>GET</code> requests with a query string are not RFC compliant.
+ There are a few ways to work around this issue.</p>
<p>
The first way is to use <code>POST</code> requests instead of