]> git.ipfire.org Git - thirdparty/squid.git/commit
projects / thirdparty / squid.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 98fcbb0) | patch
Cleanup: drop Auth::User::proxy_auth_list header cache
authorAmos Jeffries <squid3@treenet.co.nz>
Thu, 22 May 2014 06:04:05 +0000 (23:04 -0700)
committerAmos Jeffries <squid3@treenet.co.nz>
Thu, 22 May 2014 06:04:05 +0000 (23:04 -0700)
commitc3ac75826847c914c192b49ea00cab1da20d0f77
tree2988f49c5cbabbfc90d85604f01fbb79adc0bcf1tree | snapshot
parent98fcbb0e8ca684a6349cf336bd5ed6a5f8c8a2e5commit | diff
Cleanup: drop Auth::User::proxy_auth_list header cache

This list/cache was originally used to short-circuit auth helper lookups
based on previousy seen [Proxy-]Authorization header strings.
However, that permitted replay attacks in most auth schemes and has been
replaced by scheme-specific mechanisms:

* Basic and Digest credentials are cached in the global user name cache
  wih additional nonce/password comparisons to verify located entries.

* NTLM and Negotiate credentials are cached in the ConnStateData with
  exact-match comparison done to verify tokens.
src/auth/User.cc diff | blob | blame | history
src/auth/User.h diff | blob | blame | history
src/auth/negotiate/User.cc diff | blob | blame | history
src/auth/ntlm/User.cc diff | blob | blame | history
Mirror of https://github.com/squid-cache/squid.git