Problem with basic_auth and digest_auth - cherrypy-devel

2 messages - Collapse all

Pete H

View profile

More options Feb 8, 6:39 am

From: Pete H <pe...@ssbg.zetnet.co.uk>

Date: Fri, 8 Feb 2008 03:39:57 -0800 (PST)

Local: Fri, Feb 8 2008 6:39 am

Subject: Problem with basic_auth and digest_auth

  Reply to author
  |
  Forward
  | Print
  | Individual message
  | Show original
  | Report this message
  | Find messages by this author
  

Hi,

I think I've found a problem with xxx_auth, but it seems so obvious I
thought I would ask before raising a ticket in case I have missed
something.

Problem is that the digest_auth tool does not check that the realm in
the request headers corresponds with the realm in config. It ought to
be possible to have a different protection space for every resource,
but unless the realm is checked this is not possible.

Seems to me there should be a line in auth.check_auth to do this, also
passing realm to this function of course.

Reply to author Forward

Sylvain Hellegouarch

View profile

More options Feb 8, 7:38 am

From: Sylvain Hellegouarch <s...@defuze.org>

Date: Fri, 08 Feb 2008 12:38:23 +0000

Local: Fri, Feb 8 2008 7:38 am

Subject: Re: [cherrypy-devel] Problem with basic_auth and digest_auth

  Reply to author
  |
  Forward
  | Print
  | Individual message
  | Show original
  | Report this message
  | Find messages by this author
  

Hi Peter,

Would you mind opening a ticket since this is a bug.

Thanks,
- Sylvain

Pete H a écrit :

- Show quoted text -

Reply to author Forward

End of messages

« Back to Discussions

« Newer topic

Older topic »