Item9593: Realm settings between Foswiki.spec and httpd_conf and htaccess don't match.
Priority: Urgent
Current State: Closed
Released In: 1.0.10
Target Release: patch
Applies To: Engine
Component:
Branches:
which is needlessly confusing, considering that digest auth is way more secure than basic auth.
I'm going to change them so they match, and as they need to be a static string, that means we can't use it for 'help' in the template login dialog.
mark as urgent for visibility.
--
SvenDowideit - 31 Aug 2010
thankfully we've not used the setting for that in a long time.
UPGRADERS make sure you don't change your realm from what you have in your existing setup.
--
SvenDowideit - 31 Aug 2010
next up, write a configure checker that makes sure the realm does not contain a : (colon) as that will break the password file format when using digest (aka md5) encoding.... as the pwd file uses an : ..
maybe also highlight this in the htpasswd.pm module
if there is a way to detect the realm that apache is using, that would help a lot.
--
SvenDowideit - 31 Aug 2010
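
The two points raised above (upgraders must keep their existing realm, and a realm must not contain a colon) both follow from the Apache htdigest line layout, user:realm:MD5(user:realm:password). The following is an added example, not part of the original thread and not Foswiki's code; the function names and sample values are constructed for illustration.

```python
import hashlib
import hmac

SEP = ":"  # field separator in an htdigest-style password file

def ha1(user, realm, password):
    """Digest stored per user: MD5 of user:realm:password (hex)."""
    return hashlib.md5(SEP.join((user, realm, password)).encode("utf-8")).hexdigest()

def make_entry(user, realm, password):
    """Build one password-file line: user:realm:hash."""
    return SEP.join((user, realm, ha1(user, realm, password)))

def parse_entry(line):
    """Split a line on ':'; anything but three fields is unreadable."""
    fields = line.rstrip("\r\n").split(SEP)
    if len(fields) != 3:
        raise ValueError(f"expected 3 fields, got {len(fields)}: {line!r}")
    return tuple(fields)

def check_realm(realm):
    """Return a list of problems with a configured realm (empty list = OK)."""
    problems = []
    if not realm:
        problems.append("realm is empty")
    if SEP in realm:
        problems.append("realm contains ':' (the password-file separator)")
    if "\r" in realm or "\n" in realm:
        problems.append("realm contains a line break")
    return problems

def verify(line, user, realm, password):
    """True if the stored line matches this user, realm and password."""
    stored_user, stored_realm, stored_hash = parse_entry(line)
    return (stored_user == user and stored_realm == realm
            and hmac.compare_digest(stored_hash, ha1(user, realm, password)))

if __name__ == "__main__":
    # Constructed sample values, not taken from any real configuration.
    entry = make_entry("alice", "Example Realm", "s3cret")
    print(verify(entry, "alice", "Example Realm", "s3cret"))  # same realm
    print(verify(entry, "alice", "Renamed Realm", "s3cret"))  # realm changed
    print(check_realm("Wiki: intranet"))
    try:
        parse_entry(make_entry("alice", "Wiki: intranet", "s3cret"))
    except ValueError as err:
        print("unreadable entry:", err)
```

Because the realm is hashed into every stored digest, renaming it invalidates all existing entries even though no password changed.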
Is this still a release blocker for 1.0.10???
--
KennethLavrsen - 06 Sep 2010
no, I've had to give up on writing a configure checker
mind you, we still could use Foswiki::Net to do an authed request to find out what the realm is, and then check or set it..
Kenneth, why do you keep asking about 1.0.10? needless to say - I have done work on this on both 1.0.10 and 1.1.0 - so I'm changing it back to fixed in 1.0.10.
--
SvenDowideit - 07 Sep 2010