[
https://issues.apache.org/jira/browse/KNOX-30?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Kevin Minder resolved KNOX-30.
------------------------------
Resolution: Fixed
Fix Version/s: 0.2.0
The gateway can now be configured to use HTTPS. This is all or nothing meaning
that we cannot have HTTP for normal traffic and HTTPS just for challenge
responses. This is good enough.
> Limit HTTP basic auth chalenges to HTTPS
> ----------------------------------------
>
> Key: KNOX-30
> URL: https://issues.apache.org/jira/browse/KNOX-30
> Project: Apache Knox
> Issue Type: New Feature
> Reporter: Kevin Minder
> Assignee: Kevin Minder
> Fix For: 0.2.0
>
>
> From BUG-4308
> In general the only standard way to provide credentials for a REST API call
> is via basic auth. This is inherently insecure. The gateway should at least
> optionally refuse to challenge over HTTP but more ideally would redirect to
> an HTTPS endpoint and challenge for credentials.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
