DO NOT REPLY [Bug 16797] New: - mention that auth basic plus SSL is better

[bu...@apache.org]

DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://nagoya.apache.org/bugzilla/show_bug.cgi?id=16797>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=16797

mention that auth basic plus SSL is better

           Summary: mention that auth basic plus SSL is better
           Product: Apache httpd-2.0
           Version: 2.0.32
          Platform: Other
               URL: http://httpd.apache.org/docs/howto/auth.html#basiccaveat
        OS/Version: Other
            Status: NEW
          Severity: Enhancement
          Priority: Other
         Component: Documentation
        AssignedTo: bugs@httpd.apache.org
        ReportedBy: hauser@acm.org


http://httpd.apache.org/docs/howto/auth.html#digestcaveat mentions
<<The moral of this is that if you have content that really needs to be kept
secure, use SSL.>>

I'd assume that the same applies for "basic" too ==> therefore my suggestion:
Add the same suggestion there too (and perhaps amend it with "depending on key
sizes and encryption algorithm used, this can be seen as roughly equivalent to
the security achieved by openssh plus a password - possibly even better because
the server's public key is most likely certified by a 'trusted' CA")!

I am happy to provide a patch to the referenced URL as a suggestion, provided
plain html is the right format, otherwise, let me know which xml- or alike file
I have to work on.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org