httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mark J Cox <m...@awe.com>
Subject Re: [patch] - digest nonce including MM bump, doc and changes.
Date Fri, 19 Dec 2003 09:09:46 GMT
> +  *) SECURITY - verification as to wether the nonce returned in the
> +     client response is one we issued ourselves by means of a
> +     AuthNonce secret exposed as an md5(). See mod_digest documentation
> +     for more details. The experimental/mod_auth_digest.c does not
> +     have this issue.  [Dirk-Willem van Gulik]
> +

Use CAN-2003-0987 for this issue

Mark
--
Mark J Cox ........................................... www.awe.com/mark
Apache Software Foundation ..... OpenSSL Group ..... Apache Week editor




Mime
View raw message