httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From n..@apache.org
Subject svn commit: r957918 - /httpd/httpd/trunk/modules/aaa/mod_authn_socache.c
Date Fri, 25 Jun 2010 12:33:34 GMT
Author: niq
Date: Fri Jun 25 12:33:34 2010
New Revision: 957918

URL: http://svn.apache.org/viewvc?rev=957918&view=rev
Log:
Disallow setting cache context in .htaccess, lest it be abused for cross-site
or cross-application authn attacks.

Modified:
    httpd/httpd/trunk/modules/aaa/mod_authn_socache.c

Modified: httpd/httpd/trunk/modules/aaa/mod_authn_socache.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/aaa/mod_authn_socache.c?rev=957918&r1=957917&r2=957918&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/aaa/mod_authn_socache.c (original)
+++ httpd/httpd/trunk/modules/aaa/mod_authn_socache.c Fri Jun 25 12:33:34 2010
@@ -194,7 +194,7 @@ static const command_rec authn_cache_cmd
                   OR_AUTHCFG, "Timeout (secs) for cached credentials"),
     AP_INIT_TAKE1("AuthnCacheContext", ap_set_string_slot,
                   (void*)APR_OFFSETOF(authn_cache_dircfg, context),
-                  OR_AUTHCFG, "Context for authn cache"),
+                  ACCESS_CONF, "Context for authn cache"),
     {NULL}
 };
 



Mime
View raw message