Return-Path: 
 <dev-return-38138-apmail-httpd-dev-archive=httpd.apache.org@httpd.apache.org>
Delivered-To: apmail-httpd-dev-archive@httpd.apache.org
Received: (qmail 55932 invoked by uid 500); 9 Jun 2003 03:07:41 -0000
Mailing-List: contact dev-help@httpd.apache.org; run by ezmlm
Precedence: bulk
Reply-To: dev@httpd.apache.org
list-help: <mailto:dev-help@httpd.apache.org>
list-unsubscribe: <mailto:dev-unsubscribe@httpd.apache.org>
list-post: <mailto:dev@httpd.apache.org>
Delivered-To: mailing list dev@httpd.apache.org
Received: (qmail 55919 invoked from network); 9 Jun 2003 03:07:41 -0000
Date: Sun, 8 Jun 2003 23:06:41 -0400 (EDT)
From: Cliff Woolley <jwoolley@virginia.edu>
X-X-Sender: root@deepthought.cs.virginia.edu
To: dev@httpd.apache.org
Subject: Re: [PATCH] mod_auth_digest.c -- EnableQueryStringHack
In-Reply-To: <n2m-g.1b7f4jaugshvnndparker@news.perlig.de>
Message-ID: 
 <Pine.LNX.4.44.0306082305480.18160-100000@deepthought.cs.virginia.edu>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=X-UNKNOWN
Content-Transfer-Encoding: 8BIT
X-Spam-Rating: daedalus.apache.org 1.6.2 0/1000/N

On Mon, 9 Jun 2003, [ISO-8859-1] Andr� Malo wrote:

> Just my opinion: I don't like it very much, since it decreases security and
> violates the RFC very hard. The Client should be fixed, not the server.
> ...but I won't stand in the way if there are positive votes on it.

Well, part of the reason I said we should go back and look is that I seem
to recall at least one person voicing exactly that same opinion the last
time this came up -- and there might have been an actual veto.

--Cliff