You are viewing a plain text version of this content. The canonical link for it is here.
Posted to bugs@httpd.apache.org by bu...@apache.org on 2003/02/05 12:17:30 UTC
DO NOT REPLY [Bug 16797] New: -
mention that auth basic plus SSL is better
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://nagoya.apache.org/bugzilla/show_bug.cgi?id=16797>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND
INSERTED IN THE BUG DATABASE.
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=16797
mention that auth basic plus SSL is better
Summary: mention that auth basic plus SSL is better
Product: Apache httpd-2.0
Version: 2.0.32
Platform: Other
URL: http://httpd.apache.org/docs/howto/auth.html#basiccaveat
OS/Version: Other
Status: NEW
Severity: Enhancement
Priority: Other
Component: Documentation
AssignedTo: bugs@httpd.apache.org
ReportedBy: hauser@acm.org
http://httpd.apache.org/docs/howto/auth.html#digestcaveat mentions
<<The moral of this is that if you have content that really needs to be kept
secure, use SSL.>>
I'd assume that the same applies for "basic" too ==> therefore my suggestion:
Add the same suggestion there too (and perhaps amend it with "depending on key
sizes and encryption algorithm used, this can be seen as roughly equivalent to
the security achieved by openssh plus a password - possibly even better because
the server's public key is most likely certified by a 'trusted' CA")!
I am happy to provide a patch to the referenced URL as a suggestion, provided
plain html is the right format, otherwise, let me know which xml- or alike file
I have to work on.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org