diff options
author | Glenn Strauss <gstrauss@gluelogic.com> | 2020-02-03 21:08:34 -0500 |
---|---|---|
committer | Glenn Strauss <gstrauss@gluelogic.com> | 2020-07-08 19:54:29 -0400 |
commit | e1188e770eb1939387cbbc214c9d16599cddc36b (patch) | |
tree | e8be7ad81b7e512ab76b685284e2929a3a0d2048 /doc | |
parent | 9fdf24468df6420517876d67f52ae0c84faa76d8 (diff) | |
download | lighttpd-git-e1188e770eb1939387cbbc214c9d16599cddc36b.tar.gz |
[mod_auth] "nonce_secret" option to validate nonce (fixes #2976)
"nonce_secret" option to validate nonce was generated by the server
Marginally hardens HTTP Digest Auth. Necessary piece, but not
sufficient, to restrict re-use of nonce (mitigations for replay
or limiting nonce count reuse via nc=... are not implemented)
x-ref:
"Digest auth nonces are not validated"
https://redmine.lighttpd.net/issues/2976
Diffstat (limited to 'doc')
0 files changed, 0 insertions, 0 deletions