Posted to cvs@httpd.apache.org by ni...@apache.org on 2010/06/25 14:33:34 UTC

svn commit: r957918 - /httpd/httpd/trunk/modules/aaa/mod_authn_socache.c

Author: niq
Date: Fri Jun 25 12:33:34 2010
New Revision: 957918

URL: http://svn.apache.org/viewvc?rev=957918&view=rev
Log:
Disallow setting cache context in .htaccess, lest it be abused for cross-site
or cross-application authn attacks.

Modified:
    httpd/httpd/trunk/modules/aaa/mod_authn_socache.c

Modified: httpd/httpd/trunk/modules/aaa/mod_authn_socache.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/aaa/mod_authn_socache.c?rev=957918&r1=957917&r2=957918&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/aaa/mod_authn_socache.c (original)
+++ httpd/httpd/trunk/modules/aaa/mod_authn_socache.c Fri Jun 25 12:33:34 2010
@@ -194,7 +194,7 @@ static const command_rec authn_cache_cmd
                   OR_AUTHCFG, "Timeout (secs) for cached credentials"),
     AP_INIT_TAKE1("AuthnCacheContext", ap_set_string_slot,
                   (void*)APR_OFFSETOF(authn_cache_dircfg, context),
-                  OR_AUTHCFG, "Context for authn cache"),
+                  ACCESS_CONF, "Context for authn cache"),
     {NULL}
 };
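
Review bot: On the AuthnCacheContext entry, the switch from OR_AUTHCFG to ACCESS_CONF has no comment explaining it, while the timeout directive directly above still uses OR_AUTHCFG. A short comment beside ACCESS_CONF saying that the cache context must not be settable from .htaccess (the reason given in the log message) would stop a later cleanup from restoring OR_AUTHCFG for consistency. The help string "Context for authn cache" could also say that the directive is not allowed in .htaccess, and the module documentation should record the narrower context, since an existing .htaccess file that sets AuthnCacheContext will now be rejected.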