You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by ni...@apache.org on 2010/06/25 14:33:34 UTC
svn commit: r957918 - /httpd/httpd/trunk/modules/aaa/mod_authn_socache.c
Author: niq
Date: Fri Jun 25 12:33:34 2010
New Revision: 957918
URL: http://svn.apache.org/viewvc?rev=957918&view=rev
Log:
Disallow setting cache context in .htaccess, lest it be abused for cross-site
or cross-application authn attacks.
Modified:
httpd/httpd/trunk/modules/aaa/mod_authn_socache.c
Modified: httpd/httpd/trunk/modules/aaa/mod_authn_socache.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/aaa/mod_authn_socache.c?rev=957918&r1=957917&r2=957918&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/aaa/mod_authn_socache.c (original)
+++ httpd/httpd/trunk/modules/aaa/mod_authn_socache.c Fri Jun 25 12:33:34 2010
@@ -194,7 +194,7 @@ static const command_rec authn_cache_cmd
OR_AUTHCFG, "Timeout (secs) for cached credentials"),
AP_INIT_TAKE1("AuthnCacheContext", ap_set_string_slot,
(void*)APR_OFFSETOF(authn_cache_dircfg, context),
- OR_AUTHCFG, "Context for authn cache"),
+ ACCESS_CONF, "Context for authn cache"),
{NULL}
};