daniel,
> Where do you see an unencrypted request here? I just see one unauthenticated > and one authenticated here. The log tells nothing about the encryption status. ok, my bad... > SSL is transport layer security, i.e. in encrypts the data stream, regardless > on higher level protocols' authentication scheme. It doesn't know nor care. > HTTP auth is then applied on top (i.e. inside the encrypted data stream), that much i knew > and the way it works is to issue a request, and wait for the server to ask > for authentication (which it does, 401). The client will then follow up with > an attempt to present its credentials, which succeeds (207, webdav multi > status). ant that's what bothers me... as someone else already mentioned, i consider an unauthenticated request as unnecessary, if authentication is already known as required. regardless if the cost of an http-request is with today's cpu-power and network bandwith close to neglectible... it's still unnecessary... and it fills up the log... but i can totally understand if there are more important things to fix. greetings... -- ====================================================================== e-mails are like postcards! everyone can read them... ====================================================================== for more information about encryption see: - http://openpgp.org/ - https://en.wikipedia.org/wiki/Pretty_good_privacy (english) - https://de.wikipedia.org/wiki/Pretty_Good_Privacy (deutsch) ======================================================================
signature.asc
Description: This is a digitally signed message part.
_______________________________________________ Owncloud mailing list [email protected] https://mail.kde.org/mailman/listinfo/owncloud
