git.ipfire.org Git - thirdparty/apache/httpd.git/commit

author	Stefan Fritsch <sf@apache.org>
	Tue, 1 Jan 2013 20:16:30 +0000 (20:16 +0000)
committer	Stefan Fritsch <sf@apache.org>
	Tue, 1 Jan 2013 20:16:30 +0000 (20:16 +0000)
commit	737192d0332db6ae363208b4d34f007e5ee33901
tree	36ff69c34bdc6c56ad5e37c50fa58ca55465d7f0	tree \| snapshot
parent	60e83d5fdf25ee754472fd206cb6e1f8b5cc9636	commit \| diff

Add some caching for password hash validation.

Password hash functions must be expensive in order to be secure. But
if they have to be re-evaluated for every request, performance
suffers.

As a minimal remedy, cache the most recent result for every
connection. This gives a great performance boost if a web browser
does many requests on the same connection with the same
user+password. In principle, this may keep the plain text password
around longer than before. But in practice, there won't be much
difference since user+password can already remain in some unused
data bucket for longer than the request duration.

A proper solution still needs to be found for connections from
proxies which may carry requests for many different users.

While it currently only requires the conn_rec, the new
ap_password_validate() function takes username and request_rec to
allow future extensions, like detection of brute-force attempts.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1427548 13f79535-47bb-0310-9956-ffa450edef68

CHANGES		diff \| blob \| blame \| history
include/ap_mmn.h		diff \| blob \| blame \| history
include/httpd.h		diff \| blob \| blame \| history
modules/aaa/mod_authn_dbd.c		diff \| blob \| blame \| history
modules/aaa/mod_authn_dbm.c		diff \| blob \| blame \| history
modules/aaa/mod_authn_file.c		diff \| blob \| blame \| history
modules/aaa/mod_authn_socache.c		diff \| blob \| blame \| history
server/util.c		diff \| blob \| blame \| history