httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Allan Edwards <...@raleigh.ibm.com>
Subject Re: conn_rec->notes
Date Fri, 16 Jun 2000 17:06:40 GMT
Marc Slemko wrote:
> 
> On Thu, 15 Jun 2000, Allan Edwards wrote:
> 
> > It would be nice to be able to pass information
> > from one module to another - like the notes
> > capability of request_rec except using conn_rec.
> >
> > example: passing client certificate information
> > to an ldap module
> >
> > Anyone object to adding ap_table_t *notes to
> > conn_rec?
> 
> I question how wise it is, because that is something that is very easy to
> misuse.  In general, the connection can be used by completely different
> users if it is from a proxy.  

I'm not sure exactly how a proxy would handle this example but I would 
guess that client certificates are not intercepted at by proxies but 
are transparently passed on to the origin server, so I don't think 
this particular application of conn_rec->notes could be misused by 
a proxy. If you have other scenarios in mind where the proxy code
might misuse this field maybe we can add a comment warning of such.

> It is only in special situations, such as
> when you have a layer there that makes it more than just a normal TCP
> connection over which HTTP requests flow, where that is legitimately used.

I think this is such a case though, and while there might be other
coding solutions, I think they too would be open to the same misuse, 
Alternate solutions would also make it harder to read the code and 
understand what was going on, so I don't see why we should penalize 
any legitimate usage. 

Allan

Mime
View raw message