[jboss-jira] [JBoss JIRA] (WFLY-1408) Basic Authentication does not mention SSL
ANGELA ROBERTSON (JIRA)
issues at jboss.org
Tue Dec 22 08:59:01 EST 2015
[ https://issues.jboss.org/browse/WFLY-1408?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
ANGELA ROBERTSON reassigned WFLY-1408:
--------------------------------------
Assignee: ANGELA ROBERTSON (was: Tom Wells)
> Basic Authentication does not mention SSL
> -----------------------------------------
>
> Key: WFLY-1408
> URL: https://issues.jboss.org/browse/WFLY-1408
> Project: WildFly
> Issue Type: Bug
> Components: Documentation
> Reporter: floyd floyd
> Assignee: ANGELA ROBERTSON
>
> In the following documentation Basic Authentication is suggested. I have two comments:
> - The documentation should clearly state that SSL (so HTTPS) should be used when using Basic authentication or Digest authentication. Usernames and passwords will be sent in cleartext in every single HTTP request to the server if SSL is not used when using Basic authentication, which is clearly a security issue.
> - The documentation should suggest Digest authentication rather than Basic authentication.
> https://docs.jboss.org/author/display/WFLY8/WS-Security#WS-Security-Authenticationandauthorization
> The same problem exists for the AS7 documentation:
> https://docs.jboss.org/author/display/AS7/Developer+Guide#DeveloperGuide-ConfigureSecurityforBasicAuthentication
--
This message was sent by Atlassian JIRA
(v6.4.11#64026)