Uploaded image for project: 'MusicBrainz Server'
  1. MusicBrainz Server
  2. MBS-9209

Allow individual users to opt out of HTTP Digest auth

    XMLWordPrintable

    Details

    • Type: New Feature
    • Status: Open
    • Priority: Normal
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: Accounts
    • Labels:
      None
    • Size Estimate:
      Village

      Description

      As detailed in MBS-9207, supporting HTTP Digest auth requires the server to store the password in almost-plain format. Until the support for Digest can be removed, we should offer security-conscious users the option not to store an ha1 value (which means that they can’t use Digest auth, but aren’t as vulnerable in case their data should be exposed).

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              chirlu Ulrich Klauer
              Reporter:
              chirlu Ulrich Klauer
              Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

                Dates

                Created:
                Updated:

                  Packages

                  Version Package