Return-Path: Delivered-To: apmail-httpd-cvs-archive@www.apache.org Received: (qmail 82617 invoked from network); 15 Sep 2004 04:49:13 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (209.237.227.199) by minotaur-2.apache.org with SMTP; 15 Sep 2004 04:49:13 -0000 Received: (qmail 53357 invoked by uid 500); 15 Sep 2004 04:49:09 -0000 Delivered-To: apmail-httpd-cvs-archive@httpd.apache.org Received: (qmail 53282 invoked by uid 500); 15 Sep 2004 04:49:08 -0000 Mailing-List: contact cvs-help@httpd.apache.org; run by ezmlm Precedence: bulk Reply-To: dev@httpd.apache.org list-help: list-unsubscribe: list-post: Delivered-To: mailing list cvs@httpd.apache.org Received: (qmail 53231 invoked by uid 500); 15 Sep 2004 04:49:07 -0000 Delivered-To: apmail-apache-1.3-cvs@apache.org Received: (qmail 53225 invoked by uid 500); 15 Sep 2004 04:49:07 -0000 Delivered-To: apmail-httpd-docs-1.3-cvs@apache.org Received: (qmail 53220 invoked by uid 99); 15 Sep 2004 04:49:07 -0000 X-ASF-Spam-Status: No, hits=-10.0 required=10.0 tests=ALL_TRUSTED,NO_REAL_NAME X-Spam-Check-By: apache.org Received: from [209.237.227.194] (HELO minotaur.apache.org) (209.237.227.194) by apache.org (qpsmtpd/0.28) with SMTP; Tue, 14 Sep 2004 21:49:07 -0700 Received: (qmail 82582 invoked by uid 1215); 15 Sep 2004 04:49:06 -0000 Date: 15 Sep 2004 04:49:06 -0000 Message-ID: <20040915044906.82580.qmail@minotaur.apache.org> From: pepper@apache.org To: httpd-docs-1.3-cvs@apache.org Subject: cvs commit: httpd-docs-1.3/htdocs/manual/mod mod_auth_digest.html X-Virus-Checked: Checked X-Spam-Rating: minotaur-2.apache.org 1.6.2 0/1000/N pepper 2004/09/14 21:49:05 Modified: htdocs/manual/mod mod_auth_digest.html Log: Update the description of digest support for 2004, adding Konqueror, Mac IE, and Safari as supporting browsers, and lynx as an (apparently) non-supporting browser. Confirmation that this is the official home of lynx would be welcome -- lynx.browser.org and UKans both have older versions. I *believe* IE/Mac (which has a much different code base than IE/Win) doesn't have the GET bug described on Windows -- at least I can request a URL like "http://myhost/?testing" and successfully log in and get to http://myhost/, but I'm not sure if there's a subtlety I missed. I also alphabetized the (fairly long) list of browsers (keeping Mozilla and Netscape together), and toned down the warning about lack of support, since everything but lynx now seems to handle digest auth. Revision Changes Path 1.15 +17 -11 httpd-docs-1.3/htdocs/manual/mod/mod_auth_digest.html Index: mod_auth_digest.html =================================================================== RCS file: /home/cvs/httpd-docs-1.3/htdocs/manual/mod/mod_auth_digest.html,v retrieving revision 1.14 retrieving revision 1.15 diff -u -r1.14 -r1.15 --- mod_auth_digest.html 13 May 2003 07:43:01 -0000 1.14 +++ mod_auth_digest.html 15 Sep 2004 04:49:05 -0000 1.15 @@ -90,17 +90,23 @@ </Location> -

Note: MD5 authentication provides a more - secure password system than Basic authentication, but only - works with supporting browsers. As of this writing (October - 2001), the only major browsers which support digest - authentication are Opera - 4.0, MS - Internet Explorer 5.0 and Amaya. Therefore, we do not - yet recommend using this feature on a large Internet site. - However, for personal and intra-net use, where browser users - can be controlled, it is ideal.

+

Note: Digest authentication is more secure than + Basic authentication, but only works with supporting browsers. As of + September 2004, major browsers that support digest authentication + include Amaya, Konqueror, MS Internet Explorer + for Mac OS X and Windows (although the Windows version fails when + used with a query string -- see "Working with MS + Internet Explorer" below for a workaround), Mozilla, + Netscape 7, Opera, and Safari. lynx does not + support digest authentication. Since digest authentication is not as + widely implemented as basic authentication, you should use it only + in environments where all users will have supporting browsers.