Uploaded image for project: 'MusicBrainz Server'
  1. MusicBrainz Server
  2. MBS-11093

Allow Basic HTTP authentication in the web service

    XMLWordPrintable

    Details

    • Type: Improvement
    • Status: Open
    • Priority: Normal
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: Web service
    • Labels:
      None

      Description

      As stated in "Phase Two - Disable Digest Authentication": of MBS-357:

      At some date (to be decided) digest authentication will be disabled. The only forms of authentication support by the web service will be OAuth and basic authentication (over a secure connection).

      Basic authentication is still not supported (outside of the OAuth2 token endpoint for client application credentials). If implemented, we should clearly document never to send Basic auth credentials over plain HTTP. If that happens, I think it's a good idea to inform the requester to change their password in the response rather than silently redirect to HTTPS.

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              Unassigned Unassigned
              Reporter:
              bitmap Michael Wiencek
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Dates

                Created:
                Updated:

                  Packages

                  Version Package