From ffbd333547a0e78292fc08f481609697f4625474 Mon Sep 17 00:00:00 2001
From: Jonas Sulzer <jonas@violoncello.ch>
Date: Fri, 29 Mar 2019 09:30:32 +0100
Subject: [PATCH] =?UTF-8?q?=F0=9F=93=96=20DOC:=20add=20basic=20auth=20conf?=
 =?UTF-8?q?iguration=20warning?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Jonas Sulzer <jonas@violoncello.ch>
---
 README.md | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/README.md b/README.md
index 86813a5..03d5f0a 100644
--- a/README.md
+++ b/README.md
@@ -134,6 +134,8 @@ HTTP server of your choice to authenticate. It should return HTTP 2xx for correc
 ### Configuration
 The only supported parameter is the URL of the web server where the authentication happens.
 
+**⚠⚠ Warning:** make sure to use the URL of a correctly configured HTTP Basic authenticating server. If the server always responds with a HTTP 2xx response without validating the users, this would allow anyone to log in to your Nextcloud instance with **any username / password combination**. ⚠⚠
+
 Add the following to your `config.php`:
 
     'user_backends' => array(