Commented: (MODPYTHON-47) Digest Authorization header causes bad request error.
Web Server forum
Back To The Forum Home!Search!Private Messaging System
Visit your User Control Panel!Register your FREE username now!Visit Our Calendar!View the Member List!Faqs!Search our Forums!

Web Server Talk Web Server Talk > Web Servers reviews > Apache Server configuration support > Apache Mod-Python > Commented: (MODPYTHON-47) Digest Authorization header causes bad request error.




  Last Thread   Next Thread Next
  Show Printable Version Email this Page Subscribe to this Thread      Post New Thread    Post A Reply      

    Commented: (MODPYTHON-47) Digest Authorization header causes bad request error.  
Graham Dumpleton (JIRA)


View Ip Address Report This Message To A Moderator Edit/Delete Message


 
11-23-05 01:47 AM

[ http://issues.apache.org/jira/brows...2358
319 ]

Graham Dumpleton commented on MODPYTHON-47:
-------------------------------------------

As usual there is nearly always a way to fudge things. You could still use A
pache HTTP digest authentication (managed by Apache) and still use mod_pytho
n.publisher by having an authenhandler() or earlier content handler which de
leted the "Authorization" h
eader so that mod_python.publisher didn't find it and therefore didn't barf.

def authenhandler(req):

if req.headers_in.has_key("Authorization"):
del req.headers_in["Authorization"]

.. etc.

I haven't tried this, but it should work.


> Digest Authorization header causes bad request error.
> -----------------------------------------------------
>
>          Key: MODPYTHON-47
>          URL: http://issues.apache.org/jira/browse/MODPYTHON-47
>      Project: mod_python
>         Type: Bug
>   Components: publisher
>     Versions: 3.1.4
>     Reporter: Graham Dumpleton
>     Priority: Minor

>
> If Apache is used to perform authentication, the Authorization header stil
l gets
> passed through to mod_python.publisher. Unfortunately, mod_python.publishe
r
> authentication code in process_auth() will attempt to decode the contents 
of the
> Authorization header even if there are no __auth__ or __access__ hooks def
ined
> for authentication and access control within the published code itself.
> The consequence of this is that if Digest authentication is used for AuthT
ype
> at level of Apache authentication, the process_auth() code will raise a ba
d request
> error as it assumes Authorization header is always in format for Basic aut
hentication
> type and when it can't decode it, it raises an error.
> What should happen is that any decoding of Authorization should only be do
ne
> if there is a __auth__ or __access__ hook that actually requires it. That 
way, if some
> one uses Digest authentication at Apache configuration file level, provide
d that no
> __auth__ or __access__ hooks are provided, there wouldn't be a problem.
> See:
>   http://www.modpython.org/pipermail/...ril/017911.html
>   http://www.modpython.org/pipermail/...ril/017912.html
> for additional information.




[ Post a follow-up to this message ]



    Sponsored Links  




 



   All times are GMT. The time now is 09:30 PM.      Post New Thread    Post A Reply      
  Last Thread   Next Thread Next


Most Popular forums 
Apache Server MySQL for Windows Sendmail
Red Hat Networking SuSe Linux Debian Linux
FreeBSD administration Sun Solaris administration Unix Shell programming
WebSphere Portal Server Exchange 2000 administration PostgreSQL administration
Linux Security Computer Security Firewalls

Forum Jump:
Rate This Thread:

Forum Rules:
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts 		HTML code is OFF
vB code is ON
Smilies are ON
[IMG] code is OFF
 
Medical and Health forum | Computer Games Reviews | Graphics design forum

Back To The Top
Home | Usercp | Faq | Register