On Fri, 4 Mar 2022 09:37:21 GMT, Michael McMahon <[email protected]> wrote:
> Hi,
>
> Could I get the following change reviewed please, which is to disable the MD5
> message digest algorithm by default in the HTTP Digest authentication
> mechanism? The algorithm can be opted into by setting a new system property
> "http.auth.digest.reEnabledAlgs" to include the value MD5. The change also
> updates the Digest authentication implementation to use some of the more
> secure features defined in RFC7616, such as username hashing and additional
> digest algorithms like SHA256 and SHA512-256.
>
> - Michael
src/java.base/share/classes/java/net/doc-files/net-properties.html line 227:
> 225: name.</P>
> 226: </OL>
> 227: <LI><P><B>{@systemProperty http.auth.digest.reEnabledAlgs}</B>
> (default: <none>)<BR>
Hello Michael, from what I understand of `doc-files` directory (which is where
this html file resides) the `javadoc` tool considers it an unprocessed files
location[1]. So would adding the `systemProperty` javadoc taglet here be
necessary? I think this won't end up being listed in the system properties
index generated by the javadoc tool and I think this line here will just get
rendered literally.
[1] https://docs.oracle.com/javase/8/docs/technotes/tools/windows/javadoc.html
-------------
PR: https://git.openjdk.java.net/jdk/pull/7688
