Received: (qmail 72514 invoked by uid 501); 14 Feb 2001 07:58:31 -0000 Message-Id: <20010214075831.72513.qmail@apache.org> Date: 14 Feb 2001 07:58:31 -0000 From: georg knittel Reply-To: georg.knittel@volkswagen.de To: submit@bugz.apache.org Subject: clear Password transmitted between webserver and directoryserver X-Send-Pr-Version: 3.110 >Number: 7244 >Category: mod_auth-any >Synopsis: clear Password transmitted between webserver and directoryserver >Confidential: no >Severity: serious >Priority: medium >Responsible: apache >State: closed >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: apache >Arrival-Date: Wed Feb 14 00:00:01 PST 2001 >Closed-Date: Wed Feb 14 08:16:19 PST 2001 >Last-Modified: Wed Feb 14 08:16:19 PST 2001 >Originator: georg.knittel@volkswagen.de >Release: 1.3.17 mod_ldap-1.7c >Organization: >Environment: gcc HP-UX 11.00 solaris 2.8 >Description: I am astonished, to see taht the opassword challenge is not performed at the web server. This concept of your module is basically not acceptable and not standard of technology >How-To-Repeat: Have a look to your ldap requests and responses >Fix: rewriting your module >Release-Note: >Audit-Trail: State-Changed-From-To: open-closed State-Changed-By: coar State-Changed-When: Wed Feb 14 08:16:18 PST 2001 State-Changed-Why: mod_ldap is not part of the basic Apache package; it is a third-party after-market module, and we have neither control nor influence over it. Contact the module's author with your complaint, not us. >Unformatted: [In order for any reply to be added to the PR database, you need] [to include in the Cc line and make sure the] [subject line starts with the report component and number, with ] [or without any 'Re:' prefixes (such as "general/1098:" or ] ["Re: general/1098:"). If the subject doesn't match this ] [pattern, your message will be misfiled and ignored. The ] ["apbugs" address is not added to the Cc line of messages from ] [the database automatically because of the potential for mail ] [loops. If you do not include this Cc, your reply may be ig- ] [nored unless you are responding to an explicit request from a ] [developer. Reply only with text; DO NOT SEND ATTACHMENTS! ]