Bug 19189

Summary: Invalid Warning For HTTP Digest Authentication
Product: WebKit Reporter: dac514
Component: WebKit Misc.Assignee: Nobody <webkit-unassigned>
Status: RESOLVED INVALID    
Severity: Normal Keywords: InRadar
Priority: P2    
Version: 525.x (Safari 3.1)   
Hardware: Mac   
OS: OS X 10.4   

Description dac514 2008-05-22 08:00:27 PDT
When using HTTP Digest Authentication, Safari warns "Your password will be sent in the clear" which is not a true statement.

This is problematic because it makes a login that is (more or less) secure seem very insecure to the user.

If you want a quick way to setup HTTP Digest Authentication, phpMyID uses it. Otherwise, Apache has mod_auth_digest which is also easy to setup.

@see:
http://en.wikipedia.org/wiki/Digest_access_authentication
http://siege.org/projects/phpMyID/
http://httpd.apache.org/docs/1.3/howto/auth.html#digest
Comment 1 Alexey Proskuryakov 2008-05-22 12:00:23 PDT
<rdar://problem/5956669>
Comment 2 Mark Rowe (bdash) 2008-05-22 13:08:44 PDT
This issue is not in WebKit, but the CFNetwork framework that WebKit uses for network communication.  It was fixed in Mac OS X 10.5.  Closing bug as INVALID to indicate that the bug is outside of WebKit.