Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Recommend to use http-digest instead of http-basic #5027

Closed
wants to merge 4 commits into from
Closed

Recommend to use http-digest instead of http-basic #5027

wants to merge 4 commits into from

Conversation

javiereguiluz
Copy link
Member

Q A
Doc fix? no
New docs? yes
Applies to 2.3+
Fixed tickets -

xabbuh
xabbuh reviewed Feb 19, 2015
View reviewed changes
book/security.rst

Instead, consider using the ``http_digest`` firewall, which is almost identical
to ``http_basic`` but where user credentials are encoded and hashed before
including them in the request. Read :ref:`HTTP-Digest Authentication reference <reference-security-http-digest>`.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can you move the ref to a new line?

cordoval
cordoval reviewed Feb 19, 2015
View reviewed changes
reference/configuration/security.rst
HTTP-Digest Authentication
--------------------------

To use HTTP-Digest authentication you need to provide a realm and a key:
To use HTTP-Digest authentication you need to provide a realm and a key, which
is the random string that will be used to hash user's credentials. It's common
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

hash the user's credentials?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

+1

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Fixed. Thanks.

@wouterj
Copy link
Member

wouterj commented Feb 20, 2015

👍

1 similar comment
@xabbuh
Copy link
Member

xabbuh commented Feb 20, 2015

👍

fabpot
fabpot reviewed Mar 9, 2015
View reviewed changes
book/security.rst
.. caution::

The ``http_basic`` firewall is only recommended while prototyping applications
or when the application is exclusively accesed through secure transports, such
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

accessed

@javiereguiluz
Copy link
Member Author

Closing this PR because of the concerns expressed by some Symfony Core members.

@javiereguiluz javiereguiluz deleted the recommend_http_digest branch January 3, 2018 16:34
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
Status: Needs Work
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
6 participants
@javiereguiluz @wouterj @xabbuh @fabpot @weaverryan @cordoval