> In clear text via a POST.  I don't plan on changing this.  If you want a
> secure login, you place it behind https.  The only option for obscuring
> this would be to implement a digest function in javascript.  I don't think
> it's worth the effort.

I agree: if you want secure login, use https.

However, imagine the following scenario:

 1/ Trac administrator sets up HTTP authentication with digest
    (far less secure than HTTPS; however, HTTPS may simply not be available,
    and passwords are nevertheless not sent as plain text). This is a
    common tradeoff.

 2/ Everything works fine, Apache manages authentication (http
    credentials w/ digest)

 3/ Trac administrator performs an upgrade, or tweaks Apache or Trac
    configuration

 4/ Unfortunately, things go bad - and they always go bad at some point

 5/ Trac "automagically" detects HTTP authentication is no longer
    available, and decides on its own to send a form-based authentication
    page

 6/ Users end up with a nice form to log in, and fill in the form

 7/ Plain text password travels back to the server. It is likely
    authentication fails at this point, but it's too late:
    user credentials have been transmitted in plain text over the
    Internet. Even if the admin quickly understands the problem and fixes
    up the configuration within the next couple of minutes,
    it's too late: his nice Digest settings have been replaced with a
    plain text password

If my understanding is correct, the current design could lead to this
kind of issue.
I really hope I'm wrong and I missed some important point.
If I'm right, then I definitely do not want this kind of behavior on my servers.

Cheers,
Manu
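The fallback scenario described in the message above, modelled as an added example (this is illustrative code written for this page, not Trac's own login code). It assumes the usual WSGI convention that the web server exposes a successful HTTP Digest login as `REMOTE_USER` and the transport as `wsgi.url_scheme`; the `Request`, `AuthConfig`, `naive_login_decision` and `hardened_login_decision` names are hypothetical. The naive dispatcher reproduces the worry in steps 5-7: a missing `REMOTE_USER` silently becomes a form login over plain HTTP. The hardened dispatcher fails closed instead, serving the form only when the administrator has opted in and the connection is HTTPS, and a separate check flags any clear-text password POST so the misconfiguration shows up in logs rather than in transit.

```python
"""Models the auto-fallback from HTTP Digest to form login (added example)."""
from dataclasses import dataclass, field


@dataclass
class Request:
    # Constructed stand-in for a WSGI environ; only the keys used below matter.
    environ: dict = field(default_factory=dict)
    form: dict = field(default_factory=dict)

    @property
    def is_https(self):
        return (self.environ.get("wsgi.url_scheme") == "https"
                or self.environ.get("HTTPS") == "on")

    @property
    def remote_user(self):
        # Set by Apache after a successful Digest exchange; absent once
        # the web-server configuration is broken (step 4 in the message).
        return self.environ.get("REMOTE_USER")


@dataclass
class AuthConfig:
    # Hypothetical settings: form login is off unless the admin opts in,
    # and even then it is never served over plain HTTP.
    allow_form_login: bool = False
    form_requires_https: bool = True


def naive_login_decision(req):
    """Behaviour the message warns about: any request without REMOTE_USER
    gets the HTML login form, regardless of transport or configuration."""
    if req.remote_user:
        return ("authenticated", req.remote_user)
    return ("form_login", None)


def hardened_login_decision(req, cfg):
    """Fail closed: a missing REMOTE_USER is reported as a configuration
    error unless form login is explicitly allowed on a safe transport."""
    if req.remote_user:
        return ("authenticated", req.remote_user)
    if not cfg.allow_form_login:
        return ("error", "REMOTE_USER unset and form login disabled; "
                         "check web server authentication configuration")
    if cfg.form_requires_https and not req.is_https:
        return ("error", "form login refused over plain HTTP")
    return ("form_login", None)


def cleartext_password_posted(req):
    """Detection hook: true when a password field arrives by POST over
    plain HTTP, i.e. credentials have already crossed the wire in clear."""
    return (req.environ.get("REQUEST_METHOD") == "POST"
            and "password" in req.form
            and not req.is_https)


def simulate_scenario():
    """Walk the message's steps 2, 5 and 7 under both dispatchers."""
    cfg = AuthConfig()
    healthy = Request({"REMOTE_USER": "manu", "wsgi.url_scheme": "http"})
    broken = Request({"wsgi.url_scheme": "http", "REQUEST_METHOD": "GET"})
    submitted = Request({"wsgi.url_scheme": "http", "REQUEST_METHOD": "POST"},
                        form={"user": "manu", "password": "hunter2"})
    return {
        "step2_naive": naive_login_decision(healthy),
        "step2_hardened": hardened_login_decision(healthy, cfg),
        "step5_naive": naive_login_decision(broken),
        "step5_hardened": hardened_login_decision(broken, cfg),
        "step7_leaked": cleartext_password_posted(submitted),
    }


if __name__ == "__main__":
    for step, outcome in simulate_scenario().items():
        print(step, outcome)
```

The point of the hardened variant is that the absence of `REMOTE_USER` after an upgrade is treated as an incident to surface, not a condition to paper over; an operator who actually wants form login has to turn it on, and still only gets it behind HTTPS.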

You received this message because you are subscribed to the Google Groups "Trac Development" group.
For more options, visit this group at http://groups.google.com/group/trac-dev?hl=en