From 1265b8fe92c066ec5e26bdfcddbbca421075e7bd Mon Sep 17 00:00:00 2001
From: Stefan Fritsch
Date: Sun, 5 Jan 2014 16:11:29 +0000
Subject: [PATCH] xforms
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1555542 13f79535-47bb-0310-9956-ffa450edef68
---
docs/manual/mod/mod_auth_digest.html.en | 22 ++++++++++++++++++----
docs/manual/mod/mod_auth_digest.html.fr | 2 ++
docs/manual/mod/mod_auth_digest.xml.fr | 2 +-
docs/manual/mod/mod_auth_digest.xml.ko | 2 +-
docs/manual/mod/mod_auth_digest.xml.meta | 2 +-
docs/manual/mod/mod_authnz_ldap.html.fr | 2 --
docs/manual/mod/mod_authnz_ldap.xml.meta | 2 +-
docs/manual/mod/mod_rewrite.html.en | 9 +++++++--
docs/manual/mod/mod_rewrite.html.fr | 12 +++++++++---
docs/manual/platform/windows.html.fr | 3 +--
docs/manual/platform/windows.xml.meta | 2 +-
11 files changed, 42 insertions(+), 18 deletions(-)
diff --git a/docs/manual/mod/mod_auth_digest.html.en b/docs/manual/mod/mod_auth_digest.html.en
index ca6d4df3ba..69e2b5c370 100644
--- a/docs/manual/mod/mod_auth_digest.html.en
+++ b/docs/manual/mod/mod_auth_digest.html.en
@@ -37,7 +37,14 @@
This module implements HTTP Digest Authentication
(RFC2617), and
- provides a more secure alternative to mod_auth_basic
.
+ provides an alternative to mod_auth_basic
where the
+ password is not transmitted as cleartext. However, this does
+ not lead to a significant security advantage over
+ basic authentication. On the other hand, the password storage on the
+ server is much less secure with digest authentication than with
+ basic authentication. Therefore, using basic auth and encrypting the
+ whole connection using mod_ssl
is a much better
+ alternative.
Note
-
Digest authentication is more secure than Basic authentication,
- but only works with supporting browsers. As of this writing (December
- 2012) all major browsers support digest authentication.
+
Digest authentication was intended to be more secure than basic
+ authentication, but no longer fulfills that design goal. A
+ man-in-the-middle attacker can trivially force the browser to downgrade
+ to basic authentication. And even a passive eavesdropper can brute-force
+ the password using today's graphics hardware, because the hashing
+ algorithm used by digest authentication is too fast. Another problem is
+ that the storage of the passwords on the server is insecure. The contents
+ of a stolen htdigest file can be used directly for digest authentication.
+ Therefore using mod_ssl
to encrypt the whole connection is
+ strongly recommended.
mod_auth_digest
only works properly on platforms
where APR supports shared memory.
diff --git a/docs/manual/mod/mod_auth_digest.html.fr b/docs/manual/mod/mod_auth_digest.html.fr
index 4d47f8466b..c1d6f96799 100644
--- a/docs/manual/mod/mod_auth_digest.html.fr
+++ b/docs/manual/mod/mod_auth_digest.html.fr
@@ -28,6 +28,8 @@
fr |
ko
+Cette traduction peut être périmée. Vérifiez la version
+ anglaise pour les changements récents.
Description: | Authentification utilisateur utilisant les condensés
MD5 |
Statut: | Extension |
diff --git a/docs/manual/mod/mod_auth_digest.xml.fr b/docs/manual/mod/mod_auth_digest.xml.fr
index 31d46fab75..12b5d2d961 100644
--- a/docs/manual/mod/mod_auth_digest.xml.fr
+++ b/docs/manual/mod/mod_auth_digest.xml.fr
@@ -1,7 +1,7 @@
-
+
diff --git a/docs/manual/mod/mod_auth_digest.xml.ko b/docs/manual/mod/mod_auth_digest.xml.ko
index edcf4f8359..05f4f95e1a 100644
--- a/docs/manual/mod/mod_auth_digest.xml.ko
+++ b/docs/manual/mod/mod_auth_digest.xml.ko
@@ -1,7 +1,7 @@
-
+