Ticket #787 (defect)
Opened 7 months ago
Last modified 6 months ago
xxx_auth does not check realm in request headers
Status: closed (fixed)
| Reported by: | guest | Assigned to: | lawouach |
|---|---|---|---|
| Priority: | high | Milestone: | 3.1 |
| Component: | CherryPy code | Keywords: | |
| Cc: | | | |
auth module does not check that the realm in the request headers matches the realm in the config.
auth.basic_auth and auth.digest_auth should pass 'realm' to check_auth.
add lines:

    if realm != ah["realm"]:
        return False

at about line 12 in auth.check_auth()
Change History
02/08/08 06:27:40: Modified by lawouach
- owner changed from rdelon to lawouach.
- status changed from new to assigned.
02/18/08 12:55:44: Modified by lawouach
- status changed from assigned to closed.
- resolution set to fixed.


Fixed in [1891] for the current trunk (3.1) and [1892] for the 3.0.x branch. This only checks the realm value when using digest since it doesn't seem that the basic response contains the realm value (RFC 2617 is misleading on that one).
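The realm comparison discussed in this ticket, as a standalone added example (not CherryPy's code and not the change made in [1891]/[1892]). The names `REALM`, `USERS`, `make_header`, `check_digest` and `basic_fields` are hypothetical, the credentials are constructed, and the digest form is RFC 2617 without qop.

```python
import base64
import hashlib
import hmac
from urllib.request import parse_http_list, parse_keqv_list

REALM = "staff"               # constructed: realm taken from the server config
USERS = {"alice": "s3cret"}   # constructed sample credentials

def _md5(s):
    return hashlib.md5(s.encode("utf-8")).hexdigest()

def digest_response(user, realm, password, method, uri, nonce):
    """RFC 2617 response without qop: MD5(HA1:nonce:HA2)."""
    ha1 = _md5(f"{user}:{realm}:{password}")
    ha2 = _md5(f"{method}:{uri}")
    return _md5(f"{ha1}:{nonce}:{ha2}")

def make_header(user, realm, password, method, uri, nonce):
    """Client side: build a constructed Authorization header for the demo."""
    resp = digest_response(user, realm, password, method, uri, nonce)
    return (f'Digest username="{user}", realm="{realm}", nonce="{nonce}", '
            f'uri="{uri}", response="{resp}"')

def check_digest(header, method, realm=REALM, users=USERS):
    scheme, _, params = header.partition(" ")
    if scheme.lower() != "digest":
        return False
    try:
        ah = parse_keqv_list(parse_http_list(params))
    except (ValueError, IndexError):
        return False
    if any(k not in ah for k in ("username", "realm", "nonce", "uri", "response")):
        return False
    # The check requested in the ticket: the realm the client sends must be
    # the configured one, and the hash is computed from the configured value.
    if ah["realm"] != realm:
        return False
    password = users.get(ah["username"])
    if password is None:
        return False
    # Nonce freshness and qop are left out to keep the focus on the realm.
    expected = digest_response(ah["username"], realm, password,
                               method, ah["uri"], ah["nonce"])
    return hmac.compare_digest(expected.encode(), ah["response"].encode())

def basic_fields(header):
    """Basic credentials are base64('user:password'); no realm is carried."""
    blob = header.partition(" ")[2]
    return tuple(base64.b64decode(blob).decode("utf-8").partition(":")[::2])
```

A header built for realm "other" is internally consistent, so a checker that derives HA1 from the client-supplied realm would accept it; `check_digest` rejects it before hashing.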