mirror of
https://github.com/apache/httpd.git
synced 2025-12-03 09:31:16 +03:00
a5c03b90b8
add a module <compatibility> git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@658931 13f79535-47bb-0310-9956-ffa450edef68
233 lines
9.3 KiB
XML
233 lines
9.3 KiB
XML
<?xml version="1.0"?>
|
|
<!DOCTYPE modulesynopsis SYSTEM "../style/modulesynopsis.dtd">
|
|
<?xml-stylesheet type="text/xsl" href="../style/manual.en.xsl"?>
|
|
<!-- $LastChangedRevision$ -->
|
|
|
|
<!--
|
|
Licensed to the Apache Software Foundation (ASF) under one or more
|
|
contributor license agreements. See the NOTICE file distributed with
|
|
this work for additional information regarding copyright ownership.
|
|
The ASF licenses this file to You under the Apache License, Version 2.0
|
|
(the "License"); you may not use this file except in compliance with
|
|
the License. You may obtain a copy of the License at
|
|
|
|
http://www.apache.org/licenses/LICENSE-2.0
|
|
|
|
Unless required by applicable law or agreed to in writing, software
|
|
distributed under the License is distributed on an "AS IS" BASIS,
|
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
See the License for the specific language governing permissions and
|
|
limitations under the License.
|
|
-->
|
|
|
|
<modulesynopsis metafile="mod_session_crypto.xml.meta">
|
|
|
|
<name>mod_session_crypto</name>
|
|
<description>Session encryption support</description>
|
|
<status>Extension</status>
|
|
<sourcefile>mod_session_crypto.c</sourcefile>
|
|
<identifier>session_crypto_module</identifier>
|
|
<compatibility>Available in Apache 2.3 and later</compatibility>
|
|
|
|
<summary>
|
|
<note type="warning"><title>Warning</title>
|
|
<p>The session modules make use of HTTP cookies, and as such can fall
|
|
victim to Cross Site Scripting attacks, or expose potentially private
|
|
information to clients. Please ensure that the relevant risks have
|
|
been taken into account before enabling the session functionality on
|
|
your server.</p>
|
|
</note>
|
|
|
|
<p>This submodule of <module>mod_session</module> provides support for the
|
|
encryption of user sessions before being written to a local database, or
|
|
written to a remote browser via an HTTP cookie.</p>
|
|
|
|
<p>This can help provide privacy to user sessions where the contents of
|
|
the session should be kept private from the user, or where protection is
|
|
needed against the effects of cross site scripting attacks.</p>
|
|
|
|
<p>For more details on the session interface, see the documentation for
|
|
the <module>mod_session</module> module.</p>
|
|
|
|
</summary>
|
|
<seealso><module>mod_session</module></seealso>
|
|
<seealso><module>mod_session_cookie</module></seealso>
|
|
<seealso><module>mod_session_dbd</module></seealso>
|
|
|
|
<section id="basicusage"><title>Basic Usage</title>
|
|
|
|
<p>To create a simple encrypted session and store it in a cookie called
|
|
<var>session</var>, configure the session as follows:</p>
|
|
|
|
<example><title>Browser based encrypted session</title>
|
|
Session On<br />
|
|
SessionCookieName session path=/<br />
|
|
SessionCryptoPassphrase secret
|
|
</example>
|
|
|
|
<p>The session will be encrypted with the given key. Different servers can
|
|
be configured to share sessions by ensuring the same encryption key is used
|
|
on each server.</p>
|
|
|
|
<p>If the encryption key is changed, sessions will be invalidated
|
|
automatically.</p>
|
|
|
|
<p>For documentation on how the session can be used to store username
|
|
and password details, see the <module>mod_auth_form</module> module.</p>
|
|
|
|
</section>
|
|
|
|
<directivesynopsis>
|
|
<name>SessionCryptoPassphrase</name>
|
|
<description>The key used to encrypt the session</description>
|
|
<syntax>SessionCryptoPassphrase <var>secret</var></syntax>
|
|
<default>none</default>
|
|
<contextlist><context>server config</context>
|
|
<context>virtual host</context>
|
|
<context>directory</context>
|
|
<context>.htaccess</context>
|
|
</contextlist>
|
|
<compatibility>Available in Apache 2.3.0 and later</compatibility>
|
|
|
|
<usage>
|
|
<p>The <directive>SessionCryptoPassphrase</directive> directive specifies the key
|
|
to be used to enable symmetrical encryption on the contents of the session before
|
|
writing the session, or decrypting the contents of the session after reading the session.</p>
|
|
|
|
<p>Keys are more secure when they are long, and consist of truly random characters.
|
|
Changing the key on a server has the effect of invalidating all existing sessions.</p>
|
|
|
|
<p>If the <directive module="mod_session_crypto">SessionCryptoCertificateFile</directive>
|
|
directive is set and asymmetrical encryption is enabled instead, the
|
|
<directive module="mod_session_crypto">SessionCryptoPassphrase</directive> directive
|
|
will be interpreted as the passphrase of the key, if the key is encrypted.</p>
|
|
|
|
</usage>
|
|
</directivesynopsis>
|
|
|
|
<directivesynopsis>
|
|
<name>SessionCryptoCertificateFile</name>
|
|
<description>The certificate used to encrypt and decrypt the session</description>
|
|
<syntax>SessionCryptoCertificateFile <var>file</var></syntax>
|
|
<default>none</default>
|
|
<contextlist><context>server config</context>
|
|
<context>virtual host</context>
|
|
<context>directory</context>
|
|
<context>.htaccess</context>
|
|
</contextlist>
|
|
<compatibility>Available in Apache 2.3.0 and later</compatibility>
|
|
|
|
<usage>
|
|
<p>The <directive>SessionCryptoCertificateFile</directive> directive specifies the name
|
|
of a certificate to be used to asymmetrically encrypt the contents of the session before
|
|
writing the session, or decrypting the content of the session after reading the session.</p>
|
|
|
|
<p>Changing the certificate on a server has the effect of invalidating all existing
|
|
sessions.</p>
|
|
|
|
<p>If the key associated with this certificate is protected with a passphrase, the
|
|
<directive module="mod_session_crypto">SessionCryptoPassphrase</directive> directive
|
|
will be interpreted as the passphrase to use to decrypt the key.</p>
|
|
|
|
<note type="warning"><title>Experimental</title>
|
|
<p>This directive is dependent on experimental support for asymmetrical encryption
|
|
support currently available in prerelease versions of OpenSSL, and will only be
|
|
available on platforms that support it.</p>
|
|
</note>
|
|
|
|
</usage>
|
|
</directivesynopsis>
|
|
|
|
<directivesynopsis>
|
|
<name>SessionCryptoCertificateKeyFile</name>
|
|
<description>The certificate key used to encrypt and decrypt the session</description>
|
|
<syntax>SessionCryptoCertificateKeyFile <var>file</var></syntax>
|
|
<default>none</default>
|
|
<contextlist><context>server config</context>
|
|
<context>virtual host</context>
|
|
<context>directory</context>
|
|
<context>.htaccess</context>
|
|
</contextlist>
|
|
<compatibility>Available in Apache 2.3.0 and later</compatibility>
|
|
|
|
<usage>
|
|
<p>The <directive>SessionCryptoCertificateKeyFile</directive> directive specifies the name
|
|
of a certificate key to be used alongside a certificate to encrypt the contents of the
|
|
session before writing the session, or decrypting the content of the session after reading
|
|
the session.</p>
|
|
|
|
<p>Changing the certificate or key on a server has the effect of invalidating all existing
|
|
sessions.</p>
|
|
|
|
<p>If this key is protected with a passphrase, the
|
|
<directive module="mod_session_crypto">SessionCryptoPassphrase</directive> directive
|
|
will be interpreted as the passphrase to use to decrypt the key.</p>
|
|
|
|
<note type="warning"><title>Experimental</title>
|
|
<p>This directive is dependent on experimental support for asymmetrical encryption
|
|
support currently available in prerelease versions of OpenSSL, and will only be
|
|
available on platforms that support it.</p>
|
|
</note>
|
|
|
|
</usage>
|
|
</directivesynopsis>
|
|
|
|
<directivesynopsis>
|
|
<name>SessionCryptoCipher</name>
|
|
<description>The name of the cipher to use during encryption / decryption</description>
|
|
<syntax>SessionCryptoCipher <var>cipher</var></syntax>
|
|
<default>AES256</default>
|
|
<contextlist><context>server config</context>
|
|
<context>virtual host</context>
|
|
<context>directory</context>
|
|
<context>.htaccess</context>
|
|
</contextlist>
|
|
<compatibility>Available in Apache 2.3.0 and later</compatibility>
|
|
|
|
<usage>
|
|
<p>The <directive>SessionCryptoCipher</directive> directive specifies the name
|
|
of the cipher to use during encryption. The ciphers available will depend on the
|
|
underlying encryption toolkit on the server platform.</p>
|
|
</usage>
|
|
</directivesynopsis>
|
|
|
|
<directivesynopsis>
|
|
<name>SessionCryptoDigest</name>
|
|
<description>The name of the digest to use during encryption / decryption</description>
|
|
<syntax>SessionCryptoDigest <var>cipher</var></syntax>
|
|
<default>SHA</default>
|
|
<contextlist><context>server config</context>
|
|
<context>virtual host</context>
|
|
<context>directory</context>
|
|
<context>.htaccess</context>
|
|
</contextlist>
|
|
<compatibility>Available in Apache 2.3.0 and later</compatibility>
|
|
|
|
<usage>
|
|
<p>The <directive>SessionCryptoDigest</directive> directive specifies the name
|
|
of the digest to use during encryption. The list of digests available will depend
|
|
on the underlying encryption toolkit on the server platform.</p>
|
|
</usage>
|
|
</directivesynopsis>
|
|
|
|
<directivesynopsis>
|
|
<name>SessionCryptoEngine</name>
|
|
<description>The name of the engine to use during encryption / decryption</description>
|
|
<syntax>SessionCryptoEngine <var>engine</var></syntax>
|
|
<default>none</default>
|
|
<contextlist><context>server config</context>
|
|
<context>virtual host</context>
|
|
<context>directory</context>
|
|
<context>.htaccess</context>
|
|
</contextlist>
|
|
<compatibility>Available in Apache 2.3.0 and later</compatibility>
|
|
|
|
<usage>
|
|
<p>The <directive>SessionCryptoEngine</directive> directive specifies the name
|
|
of the engine to use during encryption, depending on the capabilities of the
|
|
underlying encryption toolkit on the server platform.</p>
|
|
</usage>
|
|
</directivesynopsis>
|
|
|
|
</modulesynopsis>
|