httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Reindl Harald <h.rei...@thelounge.net>
Subject Re: svn commit: r1554276 - /httpd/httpd/trunk/docs/manual/mod/mod_auth_digest.xml
Date Mon, 30 Dec 2013 17:11:56 GMT


Am 30.12.2013 18:07, schrieb Graham Leggett:
> On 30 Dec 2013, at 6:58 PM, Stefan Fritsch <sf@sfritsch.de> wrote:
> 
>> Does anyone disagree with the below change (not yet merged to 2.x 
>> branches)? There is a similar paragraph in howto/auth.xml that I 
>> intend to remove.
> 
> I would say digest authentication is insecure because it (to my knowledge) 
> forces you to store the password in cleartext

clearly no

[harry@srv-rhsoft:~]$ htdigest --help
Usage: htdigest [-c] passwordfile realm username
The -c flag creates a new file.

does *not* store plaintext passwords


Mime
View raw message