Bug 19189
| Summary: | Invalid Warning For HTTP Digest Authentication | ||
|---|---|---|---|
| Product: | WebKit | Reporter: | dac514 |
| Component: | WebKit Misc. | Assignee: | Nobody <webkit-unassigned> |
| Status: | RESOLVED INVALID | ||
| Severity: | Normal | Keywords: | InRadar |
| Priority: | P2 | ||
| Version: | 525.x (Safari 3.1) | ||
| Hardware: | Mac | ||
| OS: | OS X 10.4 | ||
dac514
When using HTTP Digest Authentication, Safari warns "Your password will be sent in the clear" which is not a true statement.
This is problematic because it makes a login that is (more or less) secure seem very insecure to the user.
If you want a quick way to setup HTTP Digest Authentication, phpMyID uses it. Otherwise, Apache has mod_auth_digest which is also easy to setup.
@see:
http://en.wikipedia.org/wiki/Digest_access_authentication
http://siege.org/projects/phpMyID/
http://httpd.apache.org/docs/1.3/howto/auth.html#digest
| Attachments | ||
|---|---|---|
| Add attachment proposed patch, testcase, etc. |
Alexey Proskuryakov
<rdar://problem/5956669>
Mark Rowe (bdash)
This issue is not in WebKit, but the CFNetwork framework that WebKit uses for network communication. It was fixed in Mac OS X 10.5. Closing bug as INVALID to indicate that the bug is outside of WebKit.