=doc #18857 Add docs about comparing the secret when authenticating

Johan Andrén 2015-11-19 11:08:37 +01:00
parent fa683e1842
commit 63806bdbe0
11 changed files with 36 additions and 1 deletions

@ -25,6 +25,8 @@ which by default is mapped to an ``401 Unauthorized`` response.
Standard HTTP-based authentication which uses the ``WWW-Authenticate`` header containing challenge data and
``Authorization`` header for receiving credentials is implemented in subclasses of ``HttpAuthenticator``.
See :ref:`credentials-and-timing-attacks-scala` for details about verifying the secret.
.. warning::
Make sure to use basic authentication only over SSL/TLS because credentials are transferred in plaintext.
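
Review bot: The added line "See :ref:`credentials-and-timing-attacks-scala` for details about verifying the secret." does not say what the risk is, so a reader who skips the link learns nothing about why verification needs care. Suggest naming it inline, for example that the supplied secret should be compared in a way whose duration does not depend on how many characters match, and then pointing to the referenced section for details. Since this is a security caveat like the TLS one that follows, consider placing it in the existing warning block or in one of its own rather than as a trailing sentence of the paragraph. Also check in the source file that a blank line separates the new sentence from ``.. warning::``, because without one reST treats the directive line as a continuation of the paragraph.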