httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Marc Slemko <>
Subject Re: Proxy module: How to add username/password support?
Date Fri, 01 Aug 1997 02:06:55 GMT
On Thu, 31 Jul 1997, Philip A. Prindeville wrote:

> The file has to be stored on disk with the username and password
> encoded into it, so that another user without access doesn't
> "piggy-back" a legitimate user's access and get a cached copy of
> his document.  I.e. r->filename = pstrcat(...) should probably
> encode that information as well.

I would suggest that such requests should not be cached.  Well, not
without special attention.  Caching is complicated.  The problem with
caching them is that, out of necessity, they cached files are readable by
the user the server runs as.  That means anyone who can do something like
run a CGI can steal them.  Config param. perhaps.

View raw message