what about this little patch to prevent the unencrypted
cachemgr password being shown in the browser address bar
and in server logfiles?
(cachemgr.c handles both request methods)
regards,
Clemens
--- cachemgr.c 2002-09-01 14:32:00.000000000 +0200
+++ cachemgr.next.c 2002-10-04 12:28:48.000000000 +0200
@@ -242,7 +242,7 @@ auth_html(const char *host, int port, co
printf("<P>This is a WWW interface to the instrumentation interface\n");
printf("for the Squid object cache.</P>\n");
printf("<HR noshade size=\"1px\">\n");
- printf("<FORM METHOD=\"GET\" ACTION=\"%s\">\n", script_name);
+ printf("<FORM METHOD=\"POST\" ACTION=\"%s\">\n", script_name);
printf("<TABLE BORDER=\"0\" CELLPADDING=\"10\" CELLSPACING=\"1\">\n");
printf("<TR><TH ALIGN=\"left\">Cache Host:</TH><TD><INPUT NAME=\"host\" ");
printf("size=\"30\" VALUE=\"%s\"></TD></TR>\n", host);
-- __________________________________________________________ Sign-up for your own FREE Personalized E-mail at Mail.com http://www.mail.com/?sr=signup Single & ready to mingle? lavalife.com: Where singles click. Free to Search! http://www.lavalife.com/mailcom.epl?a=2116Received on Sun Nov 10 2002 - 09:43:14 MST
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:18:40 MST