Return-Path: 
 <cvs-return-37571-apmail-httpd-cvs-archive=httpd.apache.org@httpd.apache.org>
Delivered-To: apmail-httpd-cvs-archive@www.apache.org
Received: (qmail 74033 invoked from network); 18 Dec 2010 20:02:01 -0000
Received: from unknown (HELO mail.apache.org) (140.211.11.3)
  by 140.211.11.9 with SMTP; 18 Dec 2010 20:02:01 -0000
Received: (qmail 40047 invoked by uid 500); 18 Dec 2010 20:02:01 -0000
Delivered-To: apmail-httpd-cvs-archive@httpd.apache.org
Received: (qmail 39908 invoked by uid 500); 18 Dec 2010 20:02:01 -0000
Mailing-List: contact cvs-help@httpd.apache.org; run by ezmlm
Precedence: bulk
Reply-To: dev@httpd.apache.org
list-help: <mailto:cvs-help@httpd.apache.org>
list-unsubscribe: <mailto:cvs-unsubscribe@httpd.apache.org>
List-Post: <mailto:cvs@httpd.apache.org>
List-Id: <cvs.httpd.apache.org>
Delivered-To: mailing list cvs@httpd.apache.org
Received: (qmail 39901 invoked by uid 99); 18 Dec 2010 20:02:00 -0000
Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136)
    by apache.org (qpsmtpd/0.29) with ESMTP; Sat, 18 Dec 2010 20:02:00 +0000
X-ASF-Spam-Status: No, hits=-2000.0 required=10.0
	tests=ALL_TRUSTED
X-Spam-Check-By: apache.org
Received: from [140.211.11.4] (HELO eris.apache.org) (140.211.11.4)
    by apache.org (qpsmtpd/0.29) with ESMTP; Sat, 18 Dec 2010 20:02:00 +0000
Received: by eris.apache.org (Postfix, from userid 65534)
	id 4A53C23888E8; Sat, 18 Dec 2010 20:01:40 +0000 (UTC)
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Subject: svn commit: r1050701 -
 /httpd/httpd/trunk/docs/manual/mod/mod_authz_core.html.en
Date: Sat, 18 Dec 2010 20:01:40 -0000
To: cvs@httpd.apache.org
From: nd@apache.org
X-Mailer: svnmailer-1.0.8
Message-Id: <20101218200140.4A53C23888E8@eris.apache.org>

Author: nd
Date: Sat Dec 18 20:01:39 2010
New Revision: 1050701

URL: http://svn.apache.org/viewvc?rev=1050701&view=rev
Log:
update transformation

Modified:
    httpd/httpd/trunk/docs/manual/mod/mod_authz_core.html.en

Modified: httpd/httpd/trunk/docs/manual/mod/mod_authz_core.html.en
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/mod/mod_authz_core.html.en?rev=1050701&r1=1050700&r2=1050701&view=diff
==============================================================================
--- httpd/httpd/trunk/docs/manual/mod/mod_authz_core.html.en (original)
+++ httpd/httpd/trunk/docs/manual/mod/mod_authz_core.html.en Sat Dec 18 20:01:39 2010
@@ -378,6 +378,12 @@ authentication succeeds but authorizatio
     <code class="directive">AuthzSendForbiddenOnFailure</code> allows to change the
     response code to '403 FORBIDDEN'.</p>
 
+    <div class="warning"><h3>Security Warning</h3>
+    <p>Modifying the response in case of missing authorization weakens the
+    security of the password, because it reveals to a possible attacker, that
+    his guessed password was right.</p>
+    </div>
+
 </div>
 <div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
 <div class="directive-section"><h2><a name="Require" id="Require">Require</a> <a name="require" id="require">Directive</a></h2>