[mod_auth] "nonce_secret" option to validate nonce (fixes #2976)

"nonce_secret" option to validate nonce was generated by the server

Marginally hardens HTTP Digest Auth.  Necessary piece, but not
sufficient, to restrict re-use of nonce (mitigations for replay
or limiting nonce count reuse via nc=... are not implemented)

x-ref:
  "Digest auth nonces are not validated"
  https://redmine.lighttpd.net/issues/2976

0 files changed, 0 insertions, 0 deletions