Is about time for 2.5.PRE5 now I think, but first the auth with odd
characters like space issue should be addressed I think..
Suggestions so far:
Robert: Use URL escaping everywhere
Henrik: Use : separated form for Basic authenticators, as is
(encoded) in the protocol. This is simpler to decode. URL escaping in
access.log and redirectors irregardless of auth protocol.
Thinking this over and considering the need for backwards compability
and simplicity of helper implementation, I'd say lets be flexible and
have a small auth helper protocol selector. I can volunteer to
implement one with the following protocols during the weekend:
- what we have today with it's issues "login<space>password\n"
- URL encoded per component "login<space>password\n"
- : separated "login:password\n"
- Simple message based
u8 length, char [] "login:password", char '\0'
(the NULL is to avoid stupid C helper bugs not always easily
detected)
Is there any other remaining known issues that must be fixed for 2.5?
From what I can tell the NTLM leaks have been plugged, plus some
other minor stuff.
Regards
Henrik
Received on Tue Feb 19 2002 - 20:15:54 MST
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:14:48 MST