On Fri, 23 Oct 2020 17:10:37 +0200 José Miguel Sánchez García <[email protected]> wrote:
Dear José,

> That was the whole reasoning behind supporting digest authentication.
> Sure, TLS protects the connection from third parties messing around
> with your connection, but nothing prevents an evil/misconfigured
> server from stealing your cleartext password. At least with digest
> authentication, you know that the server is not seeing your password
> either (at least you would if the login UI for HTTP auth were barely
> usable and told you info about the security mechanism being used...
> I'm getting off track sorry).

I see what you mean. Still, when you go via TLS, it makes sure that the
authenticity of the server is assured as well.

> > Keeping with the spirit of the current set of command line arguments
> > (e.g. -m for maps, of which you can specify as many as you want),
> > one could have a flag -p (protect/password/whatever) that takes a
> > group name and a cleartext password and applies it to all files
> > matching that group in the serving folder, for example '-m "nogroup
> > user:pw"' for example.
>
> I like that: simple and intuitive. Will do that, thanks!

You might also go with "group user pw", which saves us one more
"token"-format.

> I hope it ends up being a drop-in solution, looking at the code it
> seems like it will. We'll know when it's done ;)

It most probably will be.

With best regards

Laslo
