Re: hno's auth_escape patch

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Thu, 14 Feb 2002 02:50:59 +0100

On Thursday 14 February 2002 01.54, Andrew Reid wrote:

> I seem to recall that there was a few different people (Henrik
> included) who thought that it'd be a good idea to do this, perhaps
> on a permanent basis.

Robert: This is your call. How should we manager usernames (and/or
passwords) with spaces?

  - access.log
  - redirector interface
  - auth helper interface

My patch simply URL escapes the username and password before sent to
basic auth helpers or redirectors IIRC.

Personally I think the basic auth helpers should use the Basic auth
credentials as is, and the access.log and redirectors use the simple
escaped form. Parsing a "login:password" line in the auth helpers is
not significantly harder than to parse a "login<space>password" line,
and avoids the whole mess.

Patches for this can be accepted into Squid-2.5 before STABLE unless
overly intrusive or delaying the release significantly more. Once
STABLE I am afraid we cannot change this until 2.6.

Regards
Henrik
Received on Wed Feb 13 2002 - 18:50:15 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:14:47 MST