http-auth.mdtext

rvesse Mon, 15 Jul 2013 09:52:04 -0700

Author: rvesse
Date: Mon Jul 15 16:50:53 2013
New Revision: 1503334

URL: http://svn.apache.org/r1503334
Log:
More notes about reasons to not use preemptive authentication


Modified:
    jena/site/trunk/content/documentation/query/http-auth.mdtext

Modified: jena/site/trunk/content/documentation/query/http-auth.mdtext
URL: 
http://svn.apache.org/viewvc/jena/site/trunk/content/documentation/query/http-auth.mdtext?rev=1503334&r1=1503333&r2=1503334&view=diff
==============================================================================
--- jena/site/trunk/content/documentation/query/http-auth.mdtext (original)
+++ jena/site/trunk/content/documentation/query/http-auth.mdtext Mon Jul 15 
16:50:53 2013
@@ -55,8 +55,12 @@ services that don't support HTTP's built
 
 #### PreemptiveBasicAuthenticator
 
-This [authenticator][8] is a decorator over another authenticator that enables 
preemptive basic authentication.  This is not enabled by default because it 
reduces security as it can
- result in sending credentials to servers that don't actually require them.
+This [authenticator][8] is a decorator over another authenticator that enables 
preemptive basic authentication.
+
+This is not enabled by default for two reasons:
+
+ 1. It reduces security as it can result in sending credentials to servers 
that don't actually require them.
+ 2. It only works for basic authentication and not for other HTTP 
authentication mechanisms e.g. digest authentication
 
 #### DelegatingAuthenticator

svn commit: r1503334 - /jena/site/trunk/content/documentation/query/http-auth.mdtext

Reply via email to