DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT <http://nagoya.apache.org/bugzilla/show_bug.cgi?id=12680>. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE.
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=12680 Digest authentication with integrity protection Summary: Digest authentication with integrity protection Product: Apache httpd-2.0 Version: 2.0.39 Platform: All OS/Version: All Status: NEW Severity: Enhancement Priority: Other Component: mod_auth_digest AssignedTo: bugs@httpd.apache.org ReportedBy: [EMAIL PROTECTED] Apache supports digest authentication as a replacement for basic in HTTP/1.1. Unfortunately, it doesn't support it completely as described in RFC2617, that is, it doesn't implement integrity protection yet (qop=auth-int, includes a hash of the body as well as the password/username to prevent the page transmitted from being tempered with). It would really be useful if implemented, as I can't use SSL for performance problems (embedded web server). I'm sure a lot of people would benefit from the security increase it provides! PS : The neon client library (http://www.webdav.org/neon/) supports that all right, and is free software as well! --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
