-
New Feature
-
Resolution: Unresolved
-
Normal
-
None
-
None
-
None
-
Village
As detailed in MBS-9207, supporting HTTP Digest auth requires the server to store the password in almost-plain format. Until the support for Digest can be removed, we should offer security-conscious users the option not to store an ha1 value (which means that they can’t use Digest auth, but aren’t as vulnerable in case their data should be exposed).
- is related to
-
MBS-9207 Disallow HTTP Digest authentication
-
- Open
-
Allow individual users to opt out of HTTP Digest auth
-
-
Resolution: Unresolved
-
Normal
-
None
-
None
-
None
-
Village
As detailed in MBS-9207, supporting HTTP Digest auth requires the server to store the password in almost-plain format. Until the support for Digest can be removed, we should offer security-conscious users the option not to store an ha1 value (which means that they can’t use Digest auth, but aren’t as vulnerable in case their data should be exposed).
- is related to
-
-
- Open
-
-
Ulrich Klauer
-
- Votes:
-
0 Vote for this issue
- Watchers:
-
0 Start watching this issue
- Created:
- Updated:
| Version | Package |
|---|