Kevin Minder created KNOX-30:
--------------------------------
Summary: Limit HTTP basic auth chalenges to HTTPS
Key: KNOX-30
URL: https://issues.apache.org/jira/browse/KNOX-30
Project: Apache Knox
Issue Type: New Feature
Reporter: Kevin Minder
Assignee: Kevin Minder
>From BUG-4308
In general the only standard way to provide credentials for a REST API call is
via basic auth. This is inherently insecure. The gateway should at least
optionally refuse to challenge over HTTP but more ideally would redirect to an
HTTPS endpoint and challenge for credentials.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
