hc-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Roland Weber <ossf...@dubioso.net>
Subject Re: FW: HttpClient authentication problem.
Date Fri, 18 May 2007 18:10:43 GMT
Hi Odi,

> I would actually consider this a security issue in the connection
> managers: It may hand out an already authenticated connection to an
> unsuspecting client. We should add fields to HttpConnection that keep
> track of the credentials for connection oriented AuthSchemes. So
> connection managers can take this into account. Also the connection
> managers lack a parameter in the getConnection methods that carries
> authentication information for connection based auth schemes.

It's on my list for 4.0, though it won't make it into client alpha1:
http://wiki.apache.org/jakarta-httpclient/ConnectionManagementDesign
It's not urgent since we won't have NTLM support for a while.

I don't think we can or should squeeze this into 3.x anymore.

cheers,
  Roland

---------------------------------------------------------------------
To unsubscribe, e-mail: httpcomponents-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: httpcomponents-dev-help@jakarta.apache.org


Mime
View raw message