github
/
winsw
mirror of https://github.com/winsw/winsw
1
0
Fork 0
Code Issues Releases Wiki Activity

Merge pull request #303 from CorwinNewall/patch-1 

Update xmlConfigFile.md
pull/311/head
Oleg Nenashev 2019-04-03 17:36:31 +03:00 committed by GitHub
parent f4c0002c93 13bd392b6c
commit cb8553b5c0
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 4 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
doc/xmlConfigFile.md
View File

@ -164,9 +164,9 @@ For servers requiring authentication some parameters must be specified depending
* `none`: default, must not be specified * `none`: default, must not be specified
* `sspi`: Microsoft [authentication](https://en.wikipedia.org/wiki/Security_Support_Provider_Interface) including Kerberos, NTLM etc. * `sspi`: Microsoft [authentication](https://en.wikipedia.org/wiki/Security_Support_Provider_Interface) including Kerberos, NTLM etc.
* `basic`: Basic authentication, sub-parameters: * `basic`: Basic authentication, sub-parameters:
* `user=“UserName”` * `user="UserName"`
* `password=“Passw0rd”` * `password="Passw0rd"`
* `unsecureAuth=“true”: default=“false"` * `unsecureAuth="true": default="false"`
The parameter “unsecureAuth” is only effective when the transfer protocol is HTTP - unencrypted data transfer. This is a security vulnerability because the credentials are send in clear text! For a SSPI authentication this is not relevant because the authentication tokens are encrypted. The parameter “unsecureAuth” is only effective when the transfer protocol is HTTP - unencrypted data transfer. This is a security vulnerability because the credentials are send in clear text! For a SSPI authentication this is not relevant because the authentication tokens are encrypted.