You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@httpd.apache.org by Geoffrey Young <ge...@modperlcookbook.org> on 2004/07/12 16:17:16 UTC

Re: cvs commit: httpd-2.0/modules/aaa mod_auth_digest.c


pquerna@apache.org wrote:
> pquerna     2004/07/10 00:47:23
> 
>   Modified:    .        Tag: APACHE_2_0_BRANCH CHANGES STATUS
>                modules/aaa Tag: APACHE_2_0_BRANCH mod_auth_digest.c
>   Log:
>   Backport of AuthDigestEnableQueryStringHack
>   Needs a doc update to explain what it does.

something like the attached?  corrections, tweaks, or other feedback welcome.

--Geoff

Re: cvs commit: httpd-2.0/modules/aaa mod_auth_digest.c

Posted by Dirk-Willem van Gulik <di...@webweaving.org>.

+1 !

Dw.

On Tue, 3 Aug 2004, Paul Querna wrote:

> On Tue, 2004-08-03 at 15:22 -0400, Geoffrey Young wrote:
> > hmm, I guess this fell off the collective radar.
> >
> > any comments?  otherwise, I guess it's good enough and I'll just commit it
> > to both 2.0 and 2.1.
>
> Looks good to me.
>
> -Paul Querna
>
>
> > Geoffrey Young wrote:
> > >
> > > pquerna@apache.org wrote:
> > >
> > >>pquerna     2004/07/10 00:47:23
> > >>
> > >>  Modified:    .        Tag: APACHE_2_0_BRANCH CHANGES STATUS
> > >>               modules/aaa Tag: APACHE_2_0_BRANCH mod_auth_digest.c
> > >>  Log:
> > >>  Backport of AuthDigestEnableQueryStringHack
> > >>  Needs a doc update to explain what it does.
> > >
> > >
> > > something like the attached?  corrections, tweaks, or other feedback welcome.
> > >
> > > --Geoff
> > >
> > >
> > >
> > > ------------------------------------------------------------------------
> > >
> > > Index: mod_auth_digest.xml
> > > ===================================================================
> > > RCS file: /home/cvs/httpd-2.0/docs/manual/mod/mod_auth_digest.xml,v
> > > retrieving revision 1.5.2.8
> > > diff -u -r1.5.2.8 mod_auth_digest.xml
> > > --- mod_auth_digest.xml	17 Apr 2004 18:43:37 -0000	1.5.2.8
> > > +++ mod_auth_digest.xml	12 Jul 2004 14:16:11 -0000
> > > @@ -72,7 +72,9 @@
> > >      browsers. As of November 2002, the major browsers that support digest
> > >      authentication are <a href="http://www.opera.com/">Opera</a>, <a
> > >      href="http://www.microsoft.com/windows/ie/">MS Internet
> > > -    Explorer</a> (fails when used with a query string), <a
> > > +    Explorer</a> (fails when used with a query string - see the
> > > +    <directive module="mod_auth_digest">AuthDigestEnableQueryStringHack
> > > +    </directive> option below for a workaround), <a
> > >      href="http://www.w3.org/Amaya/">Amaya</a>, <a
> > >      href="http://www.mozilla.org">Mozilla</a> and <a
> > >      href="http://channels.netscape.com/ns/browsers/download.jsp"
> > > @@ -81,6 +83,36 @@
> > >      in controlled environments.</p>
> > >      </note>
> > >  </section>
> > > +
> > > +<section id="msie"><title>Working with MS Internet Explorer</title>
> > > +    <p>The Digest authentication implementation in current Internet
> > > +    Explorer implementations has known issues, namely that <code><GET</code>
> > > +    requests with a query string are not RFC compliant.  There are a
> > > +    few ways to work around this issue.</p>
> > > +
> > > +    <p>
> > > +    The first way is to use <code>POST</code> requests instead of
> > > +    <code>GET</code> requests to pass data to your program.  This method
> > > +    is the simplest approach if your application can work with this
> > > +    limitation.
> > > +    </p>
> > > +
> > > +    <p>Apache also provides a workaround in the
> > > +    <code>AuthDigestEnableQueryStringHack</code> environment variable.
> > > +    If <code>AuthDigestEnableQueryStringHack</code> is true for the
> > > +    request, Apache will take steps to work around the MSIE bug and
> > > +    remove the request URI from the digest comparison.  Using this
> > > +    method would look like similar to the following.</p>
> > > +
> > > +    <example><title>Using Digest Authentication with MSIE:</title>
> > > +    BrowserMatch "MSIE" AuthDigestEnableQueryStringHack=On
> > > +    </example>
> > > +
> > > +    <p>See the <directive module="mod_setenvif">BrowserMatch</directive>
> > > +    directive for more details on conditionally setting environment
> > > +    variables</p>
> > > +</section>
> > > +
> > >
> > >  <directivesynopsis>
> > >  <name>AuthDigestFile</name>
>

Re: cvs commit: httpd-2.0/modules/aaa mod_auth_digest.c

Posted by Paul Querna <ch...@force-elite.com>.

On Tue, 2004-08-03 at 15:22 -0400, Geoffrey Young wrote:
> hmm, I guess this fell off the collective radar.
> 
> any comments?  otherwise, I guess it's good enough and I'll just commit it
> to both 2.0 and 2.1.

Looks good to me.

-Paul Querna


> Geoffrey Young wrote:
> > 
> > pquerna@apache.org wrote:
> > 
> >>pquerna     2004/07/10 00:47:23
> >>
> >>  Modified:    .        Tag: APACHE_2_0_BRANCH CHANGES STATUS
> >>               modules/aaa Tag: APACHE_2_0_BRANCH mod_auth_digest.c
> >>  Log:
> >>  Backport of AuthDigestEnableQueryStringHack
> >>  Needs a doc update to explain what it does.
> > 
> > 
> > something like the attached?  corrections, tweaks, or other feedback welcome.
> > 
> > --Geoff
> > 
> > 
> > 
> > ------------------------------------------------------------------------
> > 
> > Index: mod_auth_digest.xml
> > ===================================================================
> > RCS file: /home/cvs/httpd-2.0/docs/manual/mod/mod_auth_digest.xml,v
> > retrieving revision 1.5.2.8
> > diff -u -r1.5.2.8 mod_auth_digest.xml
> > --- mod_auth_digest.xml	17 Apr 2004 18:43:37 -0000	1.5.2.8
> > +++ mod_auth_digest.xml	12 Jul 2004 14:16:11 -0000
> > @@ -72,7 +72,9 @@
> >      browsers. As of November 2002, the major browsers that support digest
> >      authentication are <a href="http://www.opera.com/">Opera</a>, <a
> >      href="http://www.microsoft.com/windows/ie/">MS Internet
> > -    Explorer</a> (fails when used with a query string), <a
> > +    Explorer</a> (fails when used with a query string - see the
> > +    <directive module="mod_auth_digest">AuthDigestEnableQueryStringHack
> > +    </directive> option below for a workaround), <a
> >      href="http://www.w3.org/Amaya/">Amaya</a>, <a
> >      href="http://www.mozilla.org">Mozilla</a> and <a
> >      href="http://channels.netscape.com/ns/browsers/download.jsp"
> > @@ -81,6 +83,36 @@
> >      in controlled environments.</p>
> >      </note>
> >  </section>
> > +
> > +<section id="msie"><title>Working with MS Internet Explorer</title>
> > +    <p>The Digest authentication implementation in current Internet
> > +    Explorer implementations has known issues, namely that <code><GET</code>
> > +    requests with a query string are not RFC compliant.  There are a
> > +    few ways to work around this issue.</p>
> > +
> > +    <p>
> > +    The first way is to use <code>POST</code> requests instead of
> > +    <code>GET</code> requests to pass data to your program.  This method
> > +    is the simplest approach if your application can work with this
> > +    limitation.
> > +    </p>
> > +
> > +    <p>Apache also provides a workaround in the
> > +    <code>AuthDigestEnableQueryStringHack</code> environment variable.
> > +    If <code>AuthDigestEnableQueryStringHack</code> is true for the
> > +    request, Apache will take steps to work around the MSIE bug and
> > +    remove the request URI from the digest comparison.  Using this
> > +    method would look like similar to the following.</p>
> > +
> > +    <example><title>Using Digest Authentication with MSIE:</title>
> > +    BrowserMatch "MSIE" AuthDigestEnableQueryStringHack=On
> > +    </example>
> > +
> > +    <p>See the <directive module="mod_setenvif">BrowserMatch</directive>
> > +    directive for more details on conditionally setting environment
> > +    variables</p>
> > +</section>
> > +
> >  
> >  <directivesynopsis>
> >  <name>AuthDigestFile</name>

Re: cvs commit: httpd-2.0/modules/aaa mod_auth_digest.c

Posted by Geoffrey Young <ge...@modperlcookbook.org>.

hmm, I guess this fell off the collective radar.

any comments?  otherwise, I guess it's good enough and I'll just commit it
to both 2.0 and 2.1.

--Geoff

Geoffrey Young wrote:
> 
> pquerna@apache.org wrote:
> 
>>pquerna     2004/07/10 00:47:23
>>
>>  Modified:    .        Tag: APACHE_2_0_BRANCH CHANGES STATUS
>>               modules/aaa Tag: APACHE_2_0_BRANCH mod_auth_digest.c
>>  Log:
>>  Backport of AuthDigestEnableQueryStringHack
>>  Needs a doc update to explain what it does.
> 
> 
> something like the attached?  corrections, tweaks, or other feedback welcome.
> 
> --Geoff
> 
> 
> 
> ------------------------------------------------------------------------
> 
> Index: mod_auth_digest.xml
> ===================================================================
> RCS file: /home/cvs/httpd-2.0/docs/manual/mod/mod_auth_digest.xml,v
> retrieving revision 1.5.2.8
> diff -u -r1.5.2.8 mod_auth_digest.xml
> --- mod_auth_digest.xml	17 Apr 2004 18:43:37 -0000	1.5.2.8
> +++ mod_auth_digest.xml	12 Jul 2004 14:16:11 -0000
> @@ -72,7 +72,9 @@
>      browsers. As of November 2002, the major browsers that support digest
>      authentication are <a href="http://www.opera.com/">Opera</a>, <a
>      href="http://www.microsoft.com/windows/ie/">MS Internet
> -    Explorer</a> (fails when used with a query string), <a
> +    Explorer</a> (fails when used with a query string - see the
> +    <directive module="mod_auth_digest">AuthDigestEnableQueryStringHack
> +    </directive> option below for a workaround), <a
>      href="http://www.w3.org/Amaya/">Amaya</a>, <a
>      href="http://www.mozilla.org">Mozilla</a> and <a
>      href="http://channels.netscape.com/ns/browsers/download.jsp"
> @@ -81,6 +83,36 @@
>      in controlled environments.</p>
>      </note>
>  </section>
> +
> +<section id="msie"><title>Working with MS Internet Explorer</title>
> +    <p>The Digest authentication implementation in current Internet
> +    Explorer implementations has known issues, namely that <code><GET</code>
> +    requests with a query string are not RFC compliant.  There are a
> +    few ways to work around this issue.</p>
> +
> +    <p>
> +    The first way is to use <code>POST</code> requests instead of
> +    <code>GET</code> requests to pass data to your program.  This method
> +    is the simplest approach if your application can work with this
> +    limitation.
> +    </p>
> +
> +    <p>Apache also provides a workaround in the
> +    <code>AuthDigestEnableQueryStringHack</code> environment variable.
> +    If <code>AuthDigestEnableQueryStringHack</code> is true for the
> +    request, Apache will take steps to work around the MSIE bug and
> +    remove the request URI from the digest comparison.  Using this
> +    method would look like similar to the following.</p>
> +
> +    <example><title>Using Digest Authentication with MSIE:</title>
> +    BrowserMatch "MSIE" AuthDigestEnableQueryStringHack=On
> +    </example>
> +
> +    <p>See the <directive module="mod_setenvif">BrowserMatch</directive>
> +    directive for more details on conditionally setting environment
> +    variables</p>
> +</section>
> +
>  
>  <directivesynopsis>
>  <name>AuthDigestFile</name>