> + *) SECURITY - verification as to wether the nonce returned in the > + client response is one we issued ourselves by means of a > + AuthNonce secret exposed as an md5(). See mod_digest documentation > + for more details. The experimental/mod_auth_digest.c does not > + have this issue. [Dirk-Willem van Gulik] > +
Use CAN-2003-0987 for this issue Mark -- Mark J Cox ........................................... www.awe.com/mark Apache Software Foundation ..... OpenSSL Group ..... Apache Week editor