[jboss-jira] [JBoss JIRA] (WFLY-1408) Basic Authentication does not mention SSL
floyd floyd (JIRA)
jira-events at lists.jboss.org
Wed May 29 02:50:56 EDT 2013
floyd floyd created WFLY-1408:
---------------------------------
Summary: Basic Authentication does not mention SSL
Key: WFLY-1408
URL: https://issues.jboss.org/browse/WFLY-1408
Project: WildFly
Issue Type: Bug
Components: Documentation
Reporter: floyd floyd
Assignee: Tom Wells
In the following documentation Basic Authentication is suggested. I have two comments:
- The documentation should clearly state that SSL (so HTTPS) should be used when using Basic Authentication or Digest Authentication. Usernames and Passwords will be sent in Cleartext in every single HTTP request to the server if SSL is not used. Which is clearly a big security issue.
- The documentation should suggest Digest authentication rather than Basic authentication.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
More information about the jboss-jira
mailing list