www-apache-bugdb mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Nicolai Langfeldt <j...@math.uio.no>
Subject protocol/1195: Bug in Authentication header
Date Fri, 03 Oct 1997 17:10:02 GMT

>Number:         1195
>Category:       protocol
>Synopsis:       Bug in Authentication header
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    apache (Apache HTTP Project)
>State:          open
>Class:          sw-bug
>Submitter-Id:   apache
>Arrival-Date:   Fri Oct  3 10:10:01 1997
>Originator:     janl@math.uio.no
>Organization:
apache
>Release:        1.2.4
>Environment:
HP-UX 10.01, however that seems N/A
>Description:
Given

AuthName "Two words"
AuthType Basic

in a .htaccess file apache produces an ilegal WWW-Authenticate header:

$ telnet www.math.uio.no 80
Trying 129.240.223.53...
Connected to kryseis.uio.no.
Escape character is '^]'.
GET /~janl/test HTTP/1.0

HTTP/1.1 401 Authorization Required
Date: Fri, 03 Oct 1997 17:00:57 GMT
Server: Apache/1.2.4
WWW-Authenticate: Basic realm=""Two words""
Connection: close
Content-Type: text/html

Note double quotes in the realm spec.  You need not use the quotes in
the realm spec in the .htaccess file, but people will be liable to
if the realm name contains HWS.
>How-To-Repeat:
Specified above
>Fix:
N
>Audit-Trail:
>Unformatted:



Mime
View raw message