Basic Authentication does not mention SSL ----------------------------------------- Key: WFLY-1408 URL: https://issues.jboss.org/browse/WFLY-1408 Project: WildFly Issue Type: Bug Components: Documentation Reporter: floyd floyd Assignee: Zach Rhoads In the following documentation Basic Authentication is suggested. I have two comments: - The documentation should clearly state that SSL (so HTTPS) should be used when using Basic authentication or Digest authentication. Usernames and Passwords will be sent in Cleartext in every single HTTP request to the server if SSL is not used when using Basic authentication. Which is clearly a security issue. - The documentation should suggest Digest authentication rather than Basic authentication. https://docs.jboss.org/author/display/WFLY8/WS-Security#WS-Security-Authe... The same problem exists for the AS7 documentation: https://docs.jboss.org/author/display/AS7/Developer+Guide#DeveloperGuide-...