> Thats a very bad default. It anything it should be using htpasswd as a > default. SessionStore is an optimization only for the largest of sites > where updating the password file becomes a concurrency issue. No one > else should ever use it, period. I would make it use htpasswd (with > conf/passwd as the file) at initenv, and then make it so if you blank > the config value for the backend it disables the form.
BTW, how is the password sent from the browser to the server? In clear text, as a digest, ..., with the default form-based authentication? Cheers, Manu --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Trac Development" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/trac-dev?hl=en -~----------~----~----~----~------~----~------~--~---
