httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
Subject svn commit: r1415962 - in /httpd/httpd/branches/2.2.x/docs/manual/mod: ./ mod_auth_digest.xml
Date Sat, 01 Dec 2012 09:56:31 GMT
Author: igalic
Date: Sat Dec  1 09:56:30 2012
New Revision: 1415962

merge r1415960

    httpd/httpd/branches/2.2.x/docs/manual/mod/   (props changed)

Propchange: httpd/httpd/branches/2.2.x/docs/manual/mod/
  Merged /httpd/httpd/trunk/docs/manual/mod:r1415960

Modified: httpd/httpd/branches/2.2.x/docs/manual/mod/mod_auth_digest.xml
--- httpd/httpd/branches/2.2.x/docs/manual/mod/mod_auth_digest.xml (original)
+++ httpd/httpd/branches/2.2.x/docs/manual/mod/mod_auth_digest.xml Sat Dec  1 09:56:30 2012
@@ -71,57 +71,11 @@
     <p>Digest authentication is more secure than Basic authentication,
-    but only works with supporting browsers. As of September 2004, major
-    browsers that support digest authentication include <a
-    href="">Amaya</a>, <a
-    href="">Konqueror</a>, <a
-    href="">MS Internet Explorer</a>
-    for Mac OS X and Windows (although the Windows version fails when
-    used with a query string -- see "<a href="#msie" >Working with MS
-    Internet Explorer</a>" below for a workaround), <a
-    href="">Mozilla</a>, <a
-    href="">
-    Netscape</a> 7, <a href="">Opera</a>, and <a
-    href="">Safari</a>. <a
-    href="">lynx</a> does <strong>not</strong>
-    support digest authentication. Since digest authentication is not as
-    widely implemented as basic authentication, you should use it only
-    in environments where all users will have supporting browsers.</p>
+    but only works with supporting browsers. As of this writing (December
+    2012) all major browsers support digest authentication.</p>
-<section id="msie"><title>Working with MS Internet Explorer</title>
-    <p>The Digest authentication implementation in previous Internet
-    Explorer for Windows versions (5 and 6) had issues, namely that
-    <code>GET</code> requests with a query string were not RFC compliant.
-    There are a few ways to work around this issue.</p>
-    <p>
-    The first way is to use <code>POST</code> requests instead of
-    <code>GET</code> requests to pass data to your program.  This method
-    is the simplest approach if your application can work with this
-    limitation.
-    </p>
-    <p>Since version 2.0.51 Apache also provides a workaround in the
-    <code>AuthDigestEnableQueryStringHack</code> environment variable.
-    If <code>AuthDigestEnableQueryStringHack</code> is set for the
-    request, Apache will take steps to work around the MSIE bug and
-    remove the query string from the digest comparison.  Using this
-    method would look similar to the following.</p>
-    <example><title>Using Digest Authentication with MSIE:</title>
-    BrowserMatch "MSIE" AuthDigestEnableQueryStringHack=On
-    </example>
-    <p>This workaround is not necessary for MSIE 7, though enabling it does
-    not cause any compatibility issues or significant overhead.</p>
-    <p>See the <directive module="mod_setenvif">BrowserMatch</directive>
-    directive for more details on conditionally setting environment
-    variables.</p>

View raw message