Re: auth_user_hash_pointer leak? (2.5 Bug #910)

From: Robert Collins <robertc@dont-contact.us>
Date: Thu, 19 Feb 2004 21:34:47 +1100

On Thu, 2004-02-19 at 03:04, Henrik Nordstrom wrote:
> Robert, what is the purpose of the auth_user_hash_pointer in the ntlm
> scheme, and do you have any idea as to why the use of this would be
> growing a lot?

challenge-response caching: if the challenge given by the helper is the
same, and the response is the same, it's a valid login a priori.

It will be growing a lot because it's not currently trimmed before the
user details are purged, and the new code will be never hitting.

My opinion: blow it away.

Rob

-- 
GPG key available at: <http://www.robertcollins.net/keys.txt>.

Received on Thu Feb 19 2004 - 03:34:52 MST

This archive was generated by hypermail pre-2.1.9 : Mon Mar 01 2004 - 12:00:04 MST