[
https://issues.apache.org/jira/browse/KNOX-30?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Kevin Minder updated KNOX-30:
-----------------------------
Affects Version/s: (was: 0.2.0)
0.1.0
> Limit HTTP basic auth chalenges to HTTPS
> ----------------------------------------
>
> Key: KNOX-30
> URL: https://issues.apache.org/jira/browse/KNOX-30
> Project: Apache Knox
> Issue Type: New Feature
> Components: Server
> Affects Versions: 0.1.0
> Reporter: Kevin Minder
> Assignee: Larry McCay
> Fix For: 0.2.0
>
>
> From BUG-4308
> In general the only standard way to provide credentials for a REST API call
> is via basic auth. This is inherently insecure. The gateway should at least
> optionally refuse to challenge over HTTP but more ideally would redirect to
> an HTTPS endpoint and challenge for credentials.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
