RESOLVED INVALID 19189
Invalid Warning For HTTP Digest Authentication
https://bugs.webkit.org/show_bug.cgi?id=19189
Summary Invalid Warning For HTTP Digest Authentication
dac514
Reported 2008-05-22 08:00:27 PDT
When using HTTP Digest Authentication, Safari warns "Your password will be sent in the clear" which is not a true statement. This is problematic because it makes a login that is (more or less) secure seem very insecure to the user. If you want a quick way to setup HTTP Digest Authentication, phpMyID uses it. Otherwise, Apache has mod_auth_digest which is also easy to setup. @see: http://en.wikipedia.org/wiki/Digest_access_authentication http://siege.org/projects/phpMyID/ http://httpd.apache.org/docs/1.3/howto/auth.html#digest
Attachments
Alexey Proskuryakov
Comment 1 2008-05-22 12:00:23 PDT
Mark Rowe (bdash)
Comment 2 2008-05-22 13:08:44 PDT
This issue is not in WebKit, but the CFNetwork framework that WebKit uses for network communication. It was fixed in Mac OS X 10.5. Closing bug as INVALID to indicate that the bug is outside of WebKit.
Note You need to log in before you can comment on or make changes to this bug.