author | Glenn Strauss <gstrauss@gluelogic.com> | 2016-07-16 23:25:53 -0400 |
---|---|---|
committer | Glenn Strauss <gstrauss@gluelogic.com> | 2016-07-16 23:25:53 -0400 |
commit | 00cc4d7c0ecd9be2c5f1cd6a5397b78f75830905 (patch) | |
tree | 4e3e0cb9511ba0fa9aa67040db980370dd147ddd /doc | |
parent | 052a049f29ca7478d5e86924add77bce481d68bf (diff) | |
download | lighttpd-git-00cc4d7c0ecd9be2c5f1cd6a5397b78f75830905.tar.gz |

[mod_auth] fix Digest auth to be better than Basic (fixes #1844)

Make Digest authentication more compliant with RFC.

Excerpt from https://www.rfc-editor.org/rfc/rfc7616.txt Section 5.13:

    The bottom line is that any compliant implementation will be
    relatively weak by cryptographic standards, but any compliant
    implementation will be far superior to Basic Authentication.

x-ref:
  "Serious security problem in Digest Authentication"
  https://redmine.lighttpd.net/issues/1844

Diffstat (limited to 'doc')
0 files changed, 0 insertions, 0 deletions