From 1265b8fe92c066ec5e26bdfcddbbca421075e7bd Mon Sep 17 00:00:00 2001 From: Stefan Fritsch Date: Sun, 5 Jan 2014 16:11:29 +0000 Subject: [PATCH] xforms git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1555542 13f79535-47bb-0310-9956-ffa450edef68 --- docs/manual/mod/mod_auth_digest.html.en | 22 ++++++++++++++++++---- docs/manual/mod/mod_auth_digest.html.fr | 2 ++ docs/manual/mod/mod_auth_digest.xml.fr | 2 +- docs/manual/mod/mod_auth_digest.xml.ko | 2 +- docs/manual/mod/mod_auth_digest.xml.meta | 2 +- docs/manual/mod/mod_authnz_ldap.html.fr | 2 -- docs/manual/mod/mod_authnz_ldap.xml.meta | 2 +- docs/manual/mod/mod_rewrite.html.en | 9 +++++++-- docs/manual/mod/mod_rewrite.html.fr | 12 +++++++++--- docs/manual/platform/windows.html.fr | 3 +-- docs/manual/platform/windows.xml.meta | 2 +- 11 files changed, 42 insertions(+), 18 deletions(-) diff --git a/docs/manual/mod/mod_auth_digest.html.en b/docs/manual/mod/mod_auth_digest.html.en index ca6d4df3ba..69e2b5c370 100644 --- a/docs/manual/mod/mod_auth_digest.html.en +++ b/docs/manual/mod/mod_auth_digest.html.en @@ -37,7 +37,14 @@

This module implements HTTP Digest Authentication (RFC2617), and - provides a more secure alternative to mod_auth_basic.

+ provides an alternative to mod_auth_basic where the + password is not transmitted as cleartext. However, this does + not lead to a significant security advantage over + basic authentication. On the other hand, the password storage on the + server is much less secure with digest authentication than with + basic authentication. Therefore, using basic auth and encrypting the + whole connection using mod_ssl is a much better + alternative.

Directives

Note

-

Digest authentication is more secure than Basic authentication, - but only works with supporting browsers. As of this writing (December - 2012) all major browsers support digest authentication.

+

Digest authentication was intended to be more secure than basic + authentication, but no longer fulfills that design goal. A + man-in-the-middle attacker can trivially force the browser to downgrade + to basic authentication. And even a passive eavesdropper can brute-force + the password using today's graphics hardware, because the hashing + algorithm used by digest authentication is too fast. Another problem is + that the storage of the passwords on the server is insecure. The contents + of a stolen htdigest file can be used directly for digest authentication. + Therefore using mod_ssl to encrypt the whole connection is + strongly recommended.

mod_auth_digest only works properly on platforms where APR supports shared memory.

diff --git a/docs/manual/mod/mod_auth_digest.html.fr b/docs/manual/mod/mod_auth_digest.html.fr index 4d47f8466b..c1d6f96799 100644 --- a/docs/manual/mod/mod_auth_digest.html.fr +++ b/docs/manual/mod/mod_auth_digest.html.fr @@ -28,6 +28,8 @@  fr  |  ko 

+
Cette traduction peut être périmée. Vérifiez la version + anglaise pour les changements récents.
diff --git a/docs/manual/mod/mod_auth_digest.xml.fr b/docs/manual/mod/mod_auth_digest.xml.fr index 31d46fab75..12b5d2d961 100644 --- a/docs/manual/mod/mod_auth_digest.xml.fr +++ b/docs/manual/mod/mod_auth_digest.xml.fr @@ -1,7 +1,7 @@ - + diff --git a/docs/manual/mod/mod_auth_digest.xml.ko b/docs/manual/mod/mod_auth_digest.xml.ko index edcf4f8359..05f4f95e1a 100644 --- a/docs/manual/mod/mod_auth_digest.xml.ko +++ b/docs/manual/mod/mod_auth_digest.xml.ko @@ -1,7 +1,7 @@ - +
Description:Authentification utilisateur utilisant les condensés MD5
Statut:Extension