WildFly / WFLY-1408

Basic Authentication does not mention SSL


    • Bug
    • Resolution: Unresolved
    • Major
    • None
    • None
    • Documentation
    • None
    • Documentation (Ref Guide, User Guide, etc.)

      In the following documentation Basic Authentication is suggested. I have two comments:

      • The documentation should clearly state that SSL (so HTTPS) should be used when using Basic authentication or Digest authentication. Usernames and passwords will be sent in cleartext in every single HTTP request to the server if SSL is not used when using Basic authentication, which is clearly a security issue.
      • The documentation should suggest Digest authentication rather than Basic authentication.

      https://docs.jboss.org/author/display/WFLY8/WS-Security#WS-Security-Authenticationandauthorization

      The same problem exists for the AS7 documentation:

      https://docs.jboss.org/author/display/AS7/Developer+Guide#DeveloperGuide-ConfigureSecurityforBasicAuthentication
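
As an added illustration (not part of the issue report or of the WildFly documentation it refers to): a standard Servlet `web.xml` fragment for a Basic-authenticated endpoint that also forces HTTPS through `user-data-constraint`. The URL pattern, role name and realm name are placeholders chosen for this example.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee" version="3.1">

  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Secured endpoint</web-resource-name>
      <!-- Placeholder path; no http-method element, so all methods are covered -->
      <url-pattern>/services/*</url-pattern>
    </web-resource-collection>

    <auth-constraint>
      <!-- Placeholder role name -->
      <role-name>example-role</role-name>
    </auth-constraint>

    <!--
      Weak setting: omitting this block, or using
        <transport-guarantee>NONE</transport-guarantee>
      lets the Basic credentials travel over plain HTTP on every request.
      CONFIDENTIAL makes the container serve these URLs only over a
      protected transport (HTTPS); plain-HTTP requests are redirected
      to the secure port or rejected.
    -->
    <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>

  <login-config>
    <auth-method>BASIC</auth-method>
    <!-- Placeholder realm name -->
    <realm-name>example-realm</realm-name>
  </login-config>

  <security-role>
    <role-name>example-role</role-name>
  </security-role>

</web-app>
```

A client that sends the `Authorization` header pre-emptively to the `http://` address has already exposed the credentials before the container can redirect it, so clients should be configured with the `https://` endpoint address.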

              zrhoads Zach Rhoads (Inactive)
              floyd_ch_jira floyd floyd (Inactive)