Identifying users with a base64 hash would be much more failsafe
Bug #482258 reported by
Matthias Burtscher
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| chive |
Fix Released
|
Medium
|
Matthias Burtscher | ||
| 0.1 |
Fix Released
|
Medium
|
Matthias Burtscher | ||
Bug Description
Problems occur, because users are identified by the two separate parameters "user" and "host". Urls look like this if there is no host part: privileges/
The webserver strips the double slash (no host information there) -> no host part given.
Identifying will be changed to base64-encoded version of 'user@host'.
Urls will look like this: #privileges/
| summary: |
- Identifying users with a base64 hash would be mush more failsafe + Identifying users with a base64 hash would be much more failsafe |
To post a comment you must log in.
