[jboss-jira] [JBoss JIRA] (WFLY-1408) Basic Authentication does not mention SSL

Darran Lofthouse (JIRA) issues at jboss.org
Tue Feb 23 07:12:00 EST 2016


    [ https://issues.jboss.org/browse/WFLY-1408?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13166918#comment-13166918 ] 

Darran Lofthouse commented on WFLY-1408:
----------------------------------------

The community documentation is editable by members of the community so feel free to update, although as we are not up to WildFly 10 edits may be most effective against the most recent major version in the docs.

> Basic Authentication does not mention SSL
> -----------------------------------------
>
>                 Key: WFLY-1408
>                 URL: https://issues.jboss.org/browse/WFLY-1408
>             Project: WildFly
>          Issue Type: Bug
>          Components: Documentation
>            Reporter: floyd floyd
>            Assignee: Zach Rhoads
>
> In the following documentation Basic Authentication is suggested. I have two comments:
> - The documentation should clearly state that SSL (so HTTPS) should be used when using Basic authentication or Digest authentication. Usernames and passwords will be sent in cleartext in every single HTTP request to the server if SSL is not used when using Basic authentication, which is clearly a security issue.
> - The documentation should suggest Digest authentication rather than Basic authentication.
> https://docs.jboss.org/author/display/WFLY8/WS-Security#WS-Security-Authenticationandauthorization
> The same problem exists for the AS7 documentation:
> https://docs.jboss.org/author/display/AS7/Developer+Guide#DeveloperGuide-ConfigureSecurityforBasicAuthentication



--
This message was sent by Atlassian JIRA
(v6.4.11#64026)

