httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Cliff Woolley <>
Subject Re: [PATCH] mod_auth_digest.c -- EnableQueryStringHack
Date Mon, 09 Jun 2003 03:06:41 GMT
On Mon, 9 Jun 2003, [ISO-8859-1] André Malo wrote:

> Just my opinion: I don't like it very much, since it decreases security and
> violates the RFC very hard. The Client should be fixed, not the server.
> ...but I won't stand in the way if there are positive votes on it.

Well, part of the reason I said we should go back and look is that I seem
to recall at least one person voicing exactly that same opinion the last
time this came up -- and there might have been an actual veto.


View raw message