Problem with basic_auth and digest_auth
1 view
Skip to first unread message
Pete H
Feb 8, 2008, 6:39:57 AM2/8/08
to cherrypy-devel
Hi,
I think I've found a problem with xxx_auth, but it seems so obvious I
thought I would ask before raising a ticket in case I have missed
something.
Problem is that the digest_auth tool does not check that the realm in
the request headers corresponds with the realm in config. It ought to
be possible to have a different protection space for every resource,
but unless the realm is checked this is not possible.
Seems to me there should be a line in auth.check_auth to do this, also
passing realm to this function of course.
I think I've found a problem with xxx_auth, but it seems so obvious I
thought I would ask before raising a ticket in case I have missed
something.
Problem is that the digest_auth tool does not check that the realm in
the request headers corresponds with the realm in config. It ought to
be possible to have a different protection space for every resource,
but unless the realm is checked this is not possible.
Seems to me there should be a line in auth.check_auth to do this, also
passing realm to this function of course.
Sylvain Hellegouarch
Feb 8, 2008, 7:38:23 AM2/8/08
to cherryp...@googlegroups.com
Hi Peter,
Would you mind opening a ticket since this is a bug.
Thanks,
- Sylvain
Pete H a écrit :
Reply all
Reply to author
Forward
0 new messages