[Webkit-unassigned] [Bug 19189] New: Invalid Warning For HTTP Digest Authentication

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Thu May 22 08:00:27 PDT 2008


http://bugs.webkit.org/show_bug.cgi?id=19189

           Summary: Invalid Warning For HTTP Digest Authentication
           Product: WebKit
           Version: 525.x (Safari 3.1)
          Platform: Macintosh
        OS/Version: Mac OS X 10.4
            Status: UNCONFIRMED
          Severity: Normal
          Priority: P2
         Component: WebKit Misc.
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: dac514 at hotmail.com


When using HTTP Digest Authentication, Safari warns "Your password will be sent
in the clear" which is not a true statement.

This is problematic because it makes a login that is (more or less) secure seem
very insecure to the user.

If you want a quick way to setup HTTP Digest Authentication, phpMyID uses it.
Otherwise, Apache has mod_auth_digest which is also easy to setup.

@see:
http://en.wikipedia.org/wiki/Digest_access_authentication
http://siege.org/projects/phpMyID/
http://httpd.apache.org/docs/1.3/howto/auth.html#digest


-- 
Configure bugmail: http://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.



More information about the webkit-unassigned mailing list