Foswiki on GitHub is open for business! Next release meeting: Monday Dec. 1, 1300Z

Item9593: Realm settings between Foswiki.spec and httpd_conf and htaccess don't match.

Priority: CurrentState: AppliesTo: Component: WaitingFor:
Urgent Closed Engine    
which is needlessly confusing, considering that digest auth is way more secure than basic auth.

I'm going to change them so they match, and as they need to be a static string, means that we can't use it for 'help' in the template login dialog.

mark as urgent for visibility.

-- SvenDowideit - 31 Aug 2010

thankfully we've not used the setting for that in a long time.

UPGRADERS make sure you don't change your realm from what you have in your existing setup.

-- SvenDowideit - 31 Aug 2010

next up, write a configure checker that makes sure the realm does not contain a : (colon) as that will break the password file fomar when using digest (aka md5) encoding.... as the pwd file uses an :..

maybe also highlight this in the htpasswd.pm module

if there is a way to detect the realm that apache is using, that would help alot.

-- SvenDowideit - 31 Aug 2010

Is this still a release blocker for 1.0.10???

-- KennethLavrsen - 06 Sep 2010

no, I've had to give up on writing a configure checker

mind you, we still could use Foswiki::Net to do an authed request to find out what the realm is, and then check or set it..

Kenneth, why do you keep asking about 1.0.10 ? needless to say - I have done work on this on both 1.0.10 and 1.1.0 - so I'm changing it back to fixed in 1.0.10.

-- SvenDowideit - 07 Sep 2010
 

ItemTemplate edit

Summary Realm settings between Foswiki.spec and httpd_conf and htaccess don't match.
ReportedBy SvenDowideit
Codebase 1.0.9, trunk
SVN Range
AppliesTo Engine
Component
Priority Urgent
CurrentState Closed
WaitingFor
Checkins distro:f2c770050b02 distro:7ef57e205add distro:efc88a86a788 distro:eae2764ea883 distro:bf987a7c94b3 distro:825f7b90104a distro:87fd524a0228
TargetRelease patch
ReleasedIn 1.0.10
Topic revision: r12 - 08 Sep 2010, KennethLavrsen
 
The copyright of the content on this website is held by the contributing authors, except where stated elsewhere. see CopyrightStatement. Creative Commons License