19189 – Invalid Warning For HTTP Digest Authentication

RESOLVED INVALID 19189

Invalid Warning For HTTP Digest Authentication

https://bugs.webkit.org/show_bug.cgi?id=19189

Summary Invalid Warning For HTTP Digest Authentication

dac514

Reported 2008-05-22 08:00:27 PDT

When using HTTP Digest Authentication, Safari warns "Your password will be sent in the clear" which is not a true statement. This is problematic because it makes a login that is (more or less) secure seem very insecure to the user. If you want a quick way to setup HTTP Digest Authentication, phpMyID uses it. Otherwise, Apache has mod_auth_digest which is also easy to setup. @see: http://en.wikipedia.org/wiki/Digest_access_authentication http://siege.org/projects/phpMyID/ http://httpd.apache.org/docs/1.3/howto/auth.html#digest

Attachments
Add attachment proposed patch, testcase, etc.

Alexey Proskuryakov

Comment 1 2008-05-22 12:00:23 PDT

<rdar://problem/5956669>

Mark Rowe (bdash)

Comment 2 2008-05-22 13:08:44 PDT

This issue is not in WebKit, but the CFNetwork framework that WebKit uses for network communication. It was fixed in Mac OS X 10.5. Closing bug as INVALID to indicate that the bug is outside of WebKit.

Note You need to log in before you can comment on or make changes to this bug.

Status RESOLVED

Resolution INVALID

Priority P2

Severity Normal

Classification Unclassified

Version 525.x (Safari 3.1)

Hardware Mac

OS OS X 10.4

Product WebKit

Component WebKit Misc.

Assignee

Nobody

Reported

2008-05-22 08:00 PDT

Modified

2008-05-22 13:08 PDT History

CC List

0 users

URL

Keywords InRadar

Depends on

Blocks