tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 34560] - AuthenticatorBase tests and applies disableProxyCaching even if no auth-constraints
Date Sat, 23 Apr 2005 22:13:54 GMT
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG·
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=34560>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND·
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=34560





------- Additional Comments From quartz12h@yahoo.com  2005-04-24 00:13 -------
Created an attachment (id=14814)
 --> (http://issues.apache.org/bugzilla/attachment.cgi?id=14814&action=view)
patch to head cvs (1.30)

line 437:

	//+++++ ASF Bugzilla Bug 34560 fix:
	boolean requireAuthentication = false;
	for(i=0; i < constraints.length; i++) {
	    if (constraints[i].getAuthConstraint()) {
		requireAuthentication=true;
		break;
	    }
	}
	//+++++


	// Make sure that constrained resources are not cached by web proxies
	// or browsers as caching can provide a security hole
	if (requireAuthentication && disableProxyCaching && //+++++ SSL can be
cached (by browser only, and by user choice), authenticated resources must not.


[...]


-- 
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-dev-help@jakarta.apache.org


Mime
View raw message