httpd-cvs mailing list archives

From n.@apache.org
Subject svn commit: r1050701 - /httpd/httpd/trunk/docs/manual/mod/mod_authz_core.html.en
Date Sat, 18 Dec 2010 20:01:40 GMT
Author: nd
Date: Sat Dec 18 20:01:39 2010
New Revision: 1050701

URL: http://svn.apache.org/viewvc?rev=1050701&view=rev
Log:
update transformation

Modified:
    httpd/httpd/trunk/docs/manual/mod/mod_authz_core.html.en

Modified: httpd/httpd/trunk/docs/manual/mod/mod_authz_core.html.en
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/mod/mod_authz_core.html.en?rev=1050701&r1=1050700&r2=1050701&view=diff
==============================================================================
--- httpd/httpd/trunk/docs/manual/mod/mod_authz_core.html.en (original)
+++ httpd/httpd/trunk/docs/manual/mod/mod_authz_core.html.en Sat Dec 18 20:01:39 2010
@@ -378,6 +378,12 @@ authentication succeeds but authorizatio
     <code class="directive">AuthzSendForbiddenOnFailure</code> allows to change
the
     response code to '403 FORBIDDEN'.</p>
 
+    <div class="warning"><h3>Security Warning</h3>
+    <p>Modifying the response in case of missing authorization weakens the
+    security of the password, because it reveals to a possible attacker, that
+    his guessed password was right.</p>
+    </div>
+
 </div>
 <div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif"
/></a></div>
 <div class="directive-section"><h2><a name="Require" id="Require">Require</a>
<a name="require" id="require">Directive</a></h2>
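
Review bot: The added warning paragraph says "Modifying the response" without naming which response is meant, so read on its own it does not tell the reader that the risk comes from the switch to '403 FORBIDDEN', which lets a client tell a correct password without authorization apart from a wrong password. Suggest wording the paragraph around that, for example "Sending '403 FORBIDDEN' when authorization fails weakens the security of the password, because it reveals to a possible attacker that the guessed password was right." This also drops the stray comma in "attacker, that" and the gendered "his". Since the log calls this a transformation update, the wording change would have to be made in the source this page is generated from.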


