Bug 19189 - Invalid Warning For HTTP Digest Authentication
Summary: Invalid Warning For HTTP Digest Authentication
Alias: None
Product: WebKit
Classification: Unclassified
Component: WebKit Misc. (show other bugs)
Version: 525.x (Safari 3.1)
Hardware: Macintosh OS X 10.4
: P2 Normal
Assignee: Nobody
Keywords: InRadar
Depends on:
Reported: 2008-05-22 08:00 PDT by dac514
Modified: 2008-05-22 13:08 PDT (History)
0 users

See Also:


Note You need to log in before you can comment on or make changes to this bug.
Description dac514 2008-05-22 08:00:27 PDT
When using HTTP Digest Authentication, Safari warns "Your password will be sent in the clear" which is not a true statement.

This is problematic because it makes a login that is (more or less) secure seem very insecure to the user.

If you want a quick way to setup HTTP Digest Authentication, phpMyID uses it. Otherwise, Apache has mod_auth_digest which is also easy to setup.

Comment 1 Alexey Proskuryakov 2008-05-22 12:00:23 PDT
Comment 2 Mark Rowe (bdash) 2008-05-22 13:08:44 PDT
This issue is not in WebKit, but the CFNetwork framework that WebKit uses for network communication.  It was fixed in Mac OS X 10.5.  Closing bug as INVALID to indicate that the bug is outside of WebKit.