Bug 19189 - Invalid Warning For HTTP Digest Authentication
Summary: Invalid Warning For HTTP Digest Authentication
Status: RESOLVED INVALID
Alias: None
Product: WebKit
Classification: Unclassified
Component: WebKit Misc. (show other bugs)
Version: 525.x (Safari 3.1)
Hardware: Macintosh OS X 10.4
: P2 Normal
Assignee: Nobody
URL:
Keywords: InRadar
Depends on:
Blocks:
 
Reported: 2008-05-22 08:00 PDT by dac514
Modified: 2008-05-22 13:08 PDT (History)
0 users

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description dac514 2008-05-22 08:00:27 PDT 
When using HTTP Digest Authentication, Safari warns "Your password will be sent in the clear" which is not a true statement.

This is problematic because it makes a login that is (more or less) secure seem very insecure to the user.

If you want a quick way to setup HTTP Digest Authentication, phpMyID uses it. Otherwise, Apache has mod_auth_digest which is also easy to setup.

@see:
http://en.wikipedia.org/wiki/Digest_access_authentication
http://siege.org/projects/phpMyID/
http://httpd.apache.org/docs/1.3/howto/auth.html#digest
Comment 1 Alexey Proskuryakov 2008-05-22 12:00:23 PDT 
<rdar://problem/5956669>
Comment 2 Mark Rowe (bdash) 2008-05-22 13:08:44 PDT 
This issue is not in WebKit, but the CFNetwork framework that WebKit uses for network communication.  It was fixed in Mac OS X 10.5.  Closing bug as INVALID to indicate that the bug is outside of WebKit.