diff options
author | http://schmonz.livejournal.com/ <http://schmonz.livejournal.com/@web> | 2008-07-30 14:27:35 -0400 |
---|---|---|
committer | Joey Hess <joey@kitenet.net> | 2008-07-30 14:27:35 -0400 |
commit | e4b096ac411494416d73e344e0aaeaacabf2f266 (patch) | |
tree | c2e08a72280ddc1d3cf7af61c215bcd89a692781 | |
parent | 3b9fe3a1b64b011a72b6c54cb172a27922250d8b (diff) |
http(oop)s
-rw-r--r-- | doc/plugins/contrib/unixauth.mdwn | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/doc/plugins/contrib/unixauth.mdwn b/doc/plugins/contrib/unixauth.mdwn index 6cdf87f6a..f369cd6ad 100644 --- a/doc/plugins/contrib/unixauth.mdwn +++ b/doc/plugins/contrib/unixauth.mdwn @@ -14,6 +14,8 @@ Config variables that affect the behavior of `unixauth`: __Security__: [As with passwordauth](/security/#index14h2), be wary of sending usernames and passwords in cleartext. Unlike passwordauth, sniffing `unixauth` credentials can get an attacker much further than mere wiki access. Therefore, this plugin defaults to not even _displaying_ the login form fields unless we're running under SSL. Nobody should be able to do anything remotely dumb until the admin has done at least a little thinking. After that, dumb things are always possible. ;-) +_XXX hang on, looks like we don't have the huge CGI environment so testing for ${HTTPS} always fails; need another way to be sure_ + [[!toggle id="code" text="unixauth.pm"]] [[!toggleable id="code" text=""" |