httpd-dev mailing list archives

From Graham Leggett
Subject Re: digest auth is not really more secure than basic auth (Fwd: svn commit: r1554276 - /httpd/httpd/trunk/docs/manual/mod/mod_auth_digest.xml)
Date Mon, 30 Dec 2013 17:07:14 GMT

On 30 Dec 2013, at 6:58 PM, Stefan Fritsch wrote:

> Does anyone disagree with the below change (not yet merged to 2.x 
> branches)? There is a similar paragraph in howto/auth.xml that I 
> intend to remove.

I would say digest authentication is insecure because it (to my knowledge) forces you to store
the password in cleartext. Encrypt the password at rest, encrypt over the wire with basic_auth+ssl.

