Item9593: Realm settings between Foswiki.spec and httpd_conf and htaccess don't match.

Priority: Urgent
Current State: Closed
Released In: 1.0.10
Target Release: patch
Applies To: Engine
Component:
Reported By: SvenDowideit
Waiting For:
Last Change By: KennethLavrsen
which is needlessly confusing, considering that digest auth is way more secure than basic auth.

I'm going to change them so they match, and as they need to be a static string, means that we can't use it for 'help' in the template login dialog.

mark as urgent for visibility.

-- SvenDowideit - 31 Aug 2010

thankfully we've not used the setting for that in a long time.

UPGRADERS make sure you don't change your realm from what you have in your existing setup.

-- SvenDowideit - 31 Aug 2010

next up, write a configure checker that makes sure the realm does not contain a : (colon) as that will break the password file fomar when using digest (aka md5) encoding.... as the pwd file uses an :..

maybe also highlight this in the htpasswd.pm module

if there is a way to detect the realm that apache is using, that would help alot.

-- SvenDowideit - 31 Aug 2010

Is this still a release blocker for 1.0.10???

-- KennethLavrsen - 06 Sep 2010

no, I've had to give up on writing a configure checker

mind you, we still could use Foswiki::Net to do an authed request to find out what the realm is, and then check or set it..

Kenneth, why do you keep asking about 1.0.10 ? needless to say - I have done work on this on both 1.0.10 and 1.1.0 - so I'm changing it back to fixed in 1.0.10.

-- SvenDowideit - 07 Sep 2010
 

ItemTemplate edit

Summary Realm settings between Foswiki.spec and httpd_conf and htaccess don't match.
ReportedBy SvenDowideit
Codebase 1.0.9, trunk
SVN Range
AppliesTo Engine
Component
Priority Urgent
CurrentState Closed
WaitingFor
Checkins distro:f2c770050b02 distro:7ef57e205add distro:efc88a86a788 distro:eae2764ea883 distro:bf987a7c94b3 distro:825f7b90104a distro:87fd524a0228
TargetRelease patch
ReleasedIn 1.0.10
Topic revision: r12 - 08 Sep 2010, KennethLavrsen
 
The copyright of the content on this website is held by the contributing authors, except where stated elsewhere. see CopyrightStatement. Creative Commons License