httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Dean Gaudet <dgau...@arctic.org>
Subject protocol/1195: Bug in Authentication header (fwd)
Date Thu, 23 Oct 1997 09:34:17 GMT
There are dozens of directives taking RAW_ARGS which should be taking
TAKE1 ... which gets properly dequoted and such.  Fixing most of them
won't pose config problems with existing configs... unfortunately changing
AuthName probably would cause config problems.

I'd personally like to see all of them fixed (i.e. using TAKE1) so that
the config file syntax is a wee bit more sane. 

Dean

---------- Forwarded message ----------
Date: Fri, 3 Oct 1997 10:10:02 -0700 (PDT)
From: Nicolai Langfeldt <janl@math.uio.no>
To: apache-bugdb@apache.org
Cc: apache-bugdb@apache.org
Subject: protocol/1195: Bug in Authentication header


>Number:         1195
>Category:       protocol
>Synopsis:       Bug in Authentication header
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    apache (Apache HTTP Project)
>State:          open
>Class:          sw-bug
>Submitter-Id:   apache
>Arrival-Date:   Fri Oct  3 10:10:01 1997
>Originator:     janl@math.uio.no
>Organization:
apache
>Release:        1.2.4
>Environment:
HP-UX 10.01, however that seems N/A
>Description:
Given

AuthName "Two words"
AuthType Basic

in a .htaccess file apache produces an ilegal WWW-Authenticate header:

$ telnet www.math.uio.no 80
Trying 129.240.223.53...
Connected to kryseis.uio.no.
Escape character is '^]'.
GET /~janl/test HTTP/1.0

HTTP/1.1 401 Authorization Required
Date: Fri, 03 Oct 1997 17:00:57 GMT
Server: Apache/1.2.4
WWW-Authenticate: Basic realm=""Two words""
Connection: close
Content-Type: text/html

Note double quotes in the realm spec.  You need not use the quotes in
the realm spec in the .htaccess file, but people will be liable to
if the realm name contains HWS.
>How-To-Repeat:
Specified above
>Fix:
N
>Audit-Trail:
>Unformatted:




Mime
View raw message