granicus.if.org Git - apache/commitdiff
update transformation
author André Malo <nd@apache.org>
Sat, 18 Dec 2010 20:01:39 +0000 (20:01 +0000)
committer André Malo <nd@apache.org>
Sat, 18 Dec 2010 20:01:39 +0000 (20:01 +0000)
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1050701 13f79535-47bb-0310-9956-ffa450edef68

docs/manual/mod/mod_authz_core.html.en

index 3011e94d843a7125869fa94d025260e561123b0e..ede01a2474c5986fce967184b141a4b8bf28dcfa 100644 (file)
@@ -378,6 +378,12 @@ authentication succeeds but authorization fails
     <code class="directive">AuthzSendForbiddenOnFailure</code> allows to change the
     response code to '403 FORBIDDEN'.</p>
 
+    <div class="warning"><h3>Security Warning</h3>
+    <p>Modifying the response in case of missing authorization weakens the
+    security of the password, because it reveals to a possible attacker, that
+    his guessed password was right.</p>
+    </div>
+
 </div>
 <div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
 <div class="directive-section"><h2><a name="Require" id="Require">Require</a> <a name="require" id="require">Directive</a></h2>
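Review bot: The added warning paragraph never states what is actually disclosed. "Modifying the response in case of missing authorization" leaves the reader to work out that the changed response code applies only when authentication succeeds but authorization fails, so receiving '403 FORBIDDEN' confirms that the submitted credentials are valid. Suggest saying that directly and naming the 403 response in the warning, so an administrator can weigh the directive against password-guessing exposure without re-reading the paragraph above. Two wording points in the same paragraph: the comma in "attacker, that" should be dropped, and "his guessed password" reads better as "a guessed password". Since the commit message describes this as a transformation update of an .html.en file, the wording change would need to go into whatever source this file is generated from, or the next transformation will overwrite it.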