directory-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From build...@apache.org
Subject svn commit: r900008 - in /websites/staging/directory/trunk/content: ./ apacheds/basic-ug/3.1-authentication-options.html
Date Tue, 04 Mar 2014 17:22:32 GMT
Author: buildbot
Date: Tue Mar  4 17:22:32 2014
New Revision: 900008

Log:
Staging update by buildbot for directory

Modified:
    websites/staging/directory/trunk/content/   (props changed)
    websites/staging/directory/trunk/content/apacheds/basic-ug/3.1-authentication-options.html

Propchange: websites/staging/directory/trunk/content/
------------------------------------------------------------------------------
--- cms:source-revision (original)
+++ cms:source-revision Tue Mar  4 17:22:32 2014
@@ -1 +1 @@
-1574108
+1574140

Modified: websites/staging/directory/trunk/content/apacheds/basic-ug/3.1-authentication-options.html
==============================================================================
--- websites/staging/directory/trunk/content/apacheds/basic-ug/3.1-authentication-options.html
(original)
+++ websites/staging/directory/trunk/content/apacheds/basic-ug/3.1-authentication-options.html
Tue Mar  4 17:22:32 2014
@@ -287,7 +287,7 @@
 <h2 id="passwords-stored-one-way-encrypted">Passwords stored one-way encrypted</h2>
 <p>If passwords are stored in the directory in clear like above, the administrator
(<em>uid=admin,ou=system</em>) is able to read them. This holds true even if authorization
is enabled. The passwords would also be visible in exported LDIF files. This is often unacceptable.</p>
 <DIV class="warning" markdown="1">
-Not only the administrator will be able to read your password, or be visible in LDIF files,
but if one does not use SSL, the the password is transmitted in clear text above the wire...
+Not only the administrator will be able to read your password, or be visible in LDIF files,
but if one does not use SSL, the password is transmitted in clear text above the wire...
 </DIV>
 
 <h3 id="passwords-not-stored-in-clear-text">Passwords not stored in clear text</h3>
@@ -354,7 +354,7 @@ Not only the administrator will be able 
 
 <p>This is intended. If someone was able to catch this value (from an LDIF export for
instance), s/he must still provide the password itself in order to get authenticated.</p>
 <DIV class="note" markdown="1">
-**Be Warned: Limited security added**
+<b>Be Warned: Limited security added</b>
 
 Please note that storing user passwords one-way encrypted only adds limited security. During
the bind operation, the credentials are still transmitted unencrypted, if no SSL/TLS communication
is used (thus you should definitely consider to do so). 
 



Mime
View raw message