xforms

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1554282 13f79535-47bb-0310-9956-ffa450edef68

diff --git a/docs/manual/mod/mod_auth_digest.html.en b/docs/manual/mod/mod_auth_digest.html.en
index 71fbc5f43a005af20f1ce2e90c7ea73b6fb07fb9..9dd7764df702de29915caf1da660855d2f23ffdd 100644 (file)
--- a/docs/manual/mod/mod_auth_digest.html.en
+++ b/docs/manual/mod/mod_auth_digest.html.en
@@ -38,8 +38,11 @@
     <p>This module implements HTTP Digest Authentication
     (<a href="http://www.faqs.org/rfcs/rfc2617.html">RFC2617</a>), and
     provides an alternative to <code class="module"><a href="../mod/mod_auth_basic.html">mod_auth_basic</a></code> where the
-    password is not transmitted as cleartext. However, the security
-    improvement over basic authentication is very small. Encrypting the
+    password is not transmitted as cleartext. However, this does
+    <strong>not</strong> lead to a significant security advantage over
+    basic authentication. On the other hand, the password storage on the
+    server is much less secure with digest authentication than with
+    basic authentication. Therefore, using basic auth and encrypting the
     whole connection using <code class="module"><a href="../mod/mod_ssl.html">mod_ssl</a></code> is a much better
     alternative.</p>
 </div>
@@ -99,9 +102,11 @@
     man-in-the-middle attacker can trivially force the browser to downgrade
     to basic authentication. And even a passive eavesdropper can brute-force
     the password using today's graphics hardware, because the hashing
-    algorithm used by digest authentication is too fast. Therefore
-    using <code class="module"><a href="../mod/mod_ssl.html">mod_ssl</a></code> to encrypt the whole connection is
-    recommended.</p>
+    algorithm used by digest authentication is too fast. Another problem is
+    that the storage of the passwords on the server is insecure. The contents
+    of a stolen htdigest file can be used directly for digest authentication.
+    Therefore using <code class="module"><a href="../mod/mod_ssl.html">mod_ssl</a></code> to encrypt the whole connection is
+    strongly recommended.</p>
     <p><code class="module"><a href="../mod/mod_auth_digest.html">mod_auth_digest</a></code> only works properly on platforms
       where APR supports shared memory.</p>
     </div>

diff --git a/docs/manual/mod/mod_auth_digest.xml.fr b/docs/manual/mod/mod_auth_digest.xml.fr
index 07aeca2afef4ab0cadca27f01ad3146d1b1e3626..394dbf9e7e5a54f5c69eabd223b507167664ed15 100644 (file)
--- a/docs/manual/mod/mod_auth_digest.xml.fr
+++ b/docs/manual/mod/mod_auth_digest.xml.fr
@@ -1,7 +1,7 @@
 <?xml version="1.0"?>
 <!DOCTYPE modulesynopsis SYSTEM "../style/modulesynopsis.dtd">
 <?xml-stylesheet type="text/xsl" href="../style/manual.fr.xsl"?>
-<!-- English Revision: 1415960:1554276 (outdated) -->
+<!-- English Revision: 1415960:1554281 (outdated) -->
 <!-- French translation : Lucien GENTIS -->
 <!-- Reviewed by : Vincent Deffontaines -->
 

diff --git a/docs/manual/mod/mod_auth_digest.xml.ko b/docs/manual/mod/mod_auth_digest.xml.ko
index 7fb5dd37735bcb5ff6118f48ff457dd63ffd0c4a..0d6179f86fd9022d0d6b8fb36864005590d5ecb4 100644 (file)
--- a/docs/manual/mod/mod_auth_digest.xml.ko
+++ b/docs/manual/mod/mod_auth_digest.xml.ko
@@ -1,7 +1,7 @@
 <?xml version="1.0" encoding="EUC-KR" ?>
 <!DOCTYPE modulesynopsis SYSTEM "../style/modulesynopsis.dtd">
 <?xml-stylesheet type="text/xsl" href="../style/manual.ko.xsl"?>
-<!-- English Revision: 105989:1554276 (outdated) -->
+<!-- English Revision: 105989:1554281 (outdated) -->
 
 <!--
  Licensed to the Apache Software Foundation (ASF) under one or more