author: joe <joe@61a7d7f5-40b7-0310-9c16-bb0ea8cb1845> 2008-08-06 09:53:38 +0000
committer: joe <joe@61a7d7f5-40b7-0310-9c16-bb0ea8cb1845> 2008-08-06 09:53:38 +0000
commit: 8f3dee4be7a695bd1bb3dd979c194adb50984045
tree: dfedb148685d95cfd0df3c8650a065f50d894b51 /doc
parent: 49b80413759e1efbfb2363b47a742efe998895d5
download: neon-8f3dee4be7a695bd1bb3dd979c194adb50984045.tar.gz
* doc/security.xml: Update intro and auth sections.
git-svn-id: http://svn.webdav.org/repos/projects/neon/trunk@1528 61a7d7f5-40b7-0310-9c16-bb0ea8cb1845
Diffstat (limited to 'doc')
-rw-r--r-- doc/security.xml | 19
1 files changed, 11 insertions, 8 deletions
diff --git a/doc/security.xml b/doc/security.xml
index 5caeda6..f014276 100644
--- a/doc/security.xml
+++ b/doc/security.xml
@@ -6,8 +6,9 @@
model: use of a malicious HTTP server. Under this threat model, a
range of attacks are possible against a client when the user (or
application) can be tricked into accessing an HTTP server which is
- controlled by an attacker. This section documents the types of
- possible attack and describes how they affect &neon;.</para>
+ controlled by an attacker. This section documents various types of
+ possible attack and describes what mitigation is used in
+ &neon;.</para>
<sect2>
<title>CPU or memory consumption attacks</title>
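Review bot: "describes what mitigation is used in &neon;" in the replacement text reads awkwardly and is less precise than the wording it replaces; suggest "describes how &neon; mitigates each" or "describes the mitigations &neon; applies". Since the intro now promises a mitigation for every attack type listed, each following subsection (starting with "CPU or memory consumption attacks") should say explicitly when the library applies none and the burden falls on the application.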
@@ -90,7 +91,9 @@
does not match the expected identity (or is otherwise not
trusted), &neon; will fail the request by default. This behaviour
can be overridden by the use of a callback installed using <xref
- linkend="ne_ssl_set_verify"/>.</para>
+ linkend="ne_ssl_set_verify"/>, which allows the application to
+ present the certificate details to a user for manual/off-line
+ verification, if possible.</para>
<para>Test cases for the correctness of the implementation of the
identity verification algorithm are present in the &neon; test
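Review bot: the added sentence about the ne_ssl_set_verify callback ends with "if possible", which leaves unclear what happens when manual verification is not possible; the paragraph should state that the callback's return value decides whether the request proceeds, so an application whose callback accepts every certificate has disabled the identity check described just above rather than deferred it. Suggest "...for manual/off-line verification; the callback's return value determines whether the request proceeds" and a caution that accepting unconditionally removes the protection.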
@@ -121,11 +124,11 @@
allowing the application (and hence, user) to specify that only a
specific set of authentication protocols is permitted.</para>
- <para>&neon; supports the Digest, and Negotiate authentication
- schemes, which both allow user authentication without passing
- credentials over the wire. The "domain" parameter is supported in
- Digest, allowing the server to restrict an authentication session
- to a particular set of URIs.</para>
+ <para>&neon; supports the Digest and Negotiate authentication
+ schemes, which both allow authentication of users without passing
+ credentials in cleartext over the wire. The "domain" parameter is
+ supported in Digest, allowing the server to restrict an
+ authentication session to a particular set of URIs.</para>
</sect2>
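Review bot: the change from "without passing credentials over the wire" to "without passing credentials in cleartext over the wire" is the right correction, but under this section's stated threat model (a malicious server) it still overstates Digest: the server chooses the nonce and receives a hash derived from the password, so it can mount an offline guessing attack on that response even though no cleartext is sent. Suggest adding one sentence to that effect after the Digest/Negotiate sentence, and noting that Negotiate does not share this weakness, so the two schemes should not be presented as equivalent.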