<note><title>Note</title>
<p>Digest authentication is more secure than Basic authentication,
- but only works with supporting browsers. As of September 2004, major
- browsers that support digest authentication include <a
- href="http://www.w3.org/Amaya/">Amaya</a>, <a
- href="http://konqueror.kde.org/">Konqueror</a>, <a
- href="http://www.microsoft.com/windows/ie/">MS Internet Explorer</a>
- for Mac OS X and Windows (although the Windows version fails when
- used with a query string -- see "<a href="#msie" >Working with MS
- Internet Explorer</a>" below for a workaround), <a
- href="http://www.mozilla.org">Mozilla</a>,
- Netscape 7, <a href="http://www.opera.com/">Opera</a>, and <a
- href="http://www.apple.com/safari/">Safari</a>. <a
- href="http://lynx.isc.org/">lynx</a> does <strong>not</strong>
- support digest authentication. Since digest authentication is not as
- widely implemented as basic authentication, you should use it only
- in environments where all users will have supporting browsers.</p>
+ but only works with supporting browsers. As of this writing (December
+ 2012) all major browsers support digest authentication.</p>
<p><module>mod_auth_digest</module> only works properly on platforms
where APR supports shared memory.</p>
</note>
</section>
-<section id="msie"><title>Working with MS Internet Explorer</title>
- <p>The Digest authentication implementation in previous Internet
- Explorer for Windows versions (5 and 6) had issues, namely that
- <code>GET</code> requests with a query string were not RFC compliant.
- There are a few ways to work around this issue.</p>
-
- <p>
- The first way is to use <code>POST</code> requests instead of
- <code>GET</code> requests to pass data to your program. This method
- is the simplest approach if your application can work with this
- limitation.
- </p>
-
- <p>Since version 2.0.51 Apache also provides a workaround in the
- <code>AuthDigestEnableQueryStringHack</code> environment variable.
- If <code>AuthDigestEnableQueryStringHack</code> is set for the
- request, Apache will take steps to work around the MSIE bug and
- remove the query string from the digest comparison. Using this
- method would look similar to the following.</p>
-
- <example><title>Using Digest Authentication with MSIE:</title>
- <highlight language="config">
- BrowserMatch "MSIE" AuthDigestEnableQueryStringHack=On
- </highlight>
- </example>
-
- <p>This workaround is not necessary for MSIE 7, though enabling it does
- not cause any compatibility issues or significant overhead.</p>
-
- <p>See the <directive module="mod_setenvif">BrowserMatch</directive>
- directive for more details on conditionally setting environment
- variables.</p>
-</section>
-
<directivesynopsis>
<name>AuthDigestProvider</name>
projects / apache / commitdiff