Uploaded image for project: 'MusicBrainz Server'
  1. MusicBrainz Server
  2. MBS-9209

Allow individual users to opt out of HTTP Digest auth

    XMLWordPrintable

    Details

    • Type: New Feature
    • Status: Open
    • Priority: Normal
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: Accounts
    • Labels:
      None
    • Size Estimate:
      Village

      Description

      As detailed in MBS-9207, supporting HTTP Digest auth requires the server to store the password in almost-plain format. Until the support for Digest can be removed, we should offer security-conscious users the option not to store an ha1 value (which means that they can’t use Digest auth, but aren’t as vulnerable in case their data should be exposed).

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                chirlu Ulrich Klauer
                Reporter:
                chirlu Ulrich Klauer
              • Votes:
                0 Vote for this issue
                Watchers:
                0 Start watching this issue

                Dates

                • Created:
                  Updated:

                  Packages

                  Version Package