Confirmed users
400
edits
Services/Sync/Features/MigrateToDigestAuth: Difference between revisions
Jump to navigation
Jump to search
Services/Sync/Features/MigrateToDigestAuth (view source)
Revision as of 22:25, 30 August 2011
, 30 August 2011no edit summary
No edit summary |
No edit summary |
||
| Line 6: | Line 6: | ||
|Feature health=OK | |Feature health=OK | ||
}} | }} | ||
{{FeatureTeam}} | {{FeatureTeam | ||
|Feature product manager=Jennifer Arguello | |||
|Feature feature manager=Jennifer Arguello | |||
|Feature lead engineer=Chenxia Liu | |||
|Feature security lead=Brian Smith (?) | |||
|Feature qa lead=Tracy Walker | |||
}} | |||
{{FeaturePageBody | {{FeaturePageBody | ||
|Feature open issues and risks=Sync web servers receive username/pass in cleartext (BasicAuth) through https before handing them off to LDAP/mySQL. Will be a problem when we store sync-keys protected by username/pass, because access to Sync web servers will be point of vulnerability. | |Feature open issues and risks=Sync web servers receive username/pass in cleartext (BasicAuth) through https before handing them off to LDAP/mySQL. Will be a problem when we store sync-keys protected by username/pass, because access to Sync web servers will be point of vulnerability. | ||