phpwiki-talk

[Phpwiki-talk] yet another security problem ...

[Arnaud F. <ar...@cr...>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi all,

Remember when I ask for some help about authentification to access rss 
feeds on a private wiki using "File" auth method ?

I tried to add HttpAuth ... just to be able to send login & passwd in 
the url ...

Ok ... and now, the funny part : If you just add HttpAuth ti the File 
method, and don't really have apache configured for it, if you fail on 
the first method (File), phpwiki sends a 401 Unauthorized error, your 
browser ask for login and password ... and ANY combination works ... 
ouch.
- --
Arnaud Fontaine
CRAO
Jabber: sh...@ra...
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (Darwin)

iD8DBQFCJDJQyAf3wgFyy1ARAq6LAKDD8WdOHJcMVTQZ3IliAqufsWKKOACcC21g
bL1J6DrXuH6evATo2W5epRQ=
=C9O/
-----END PGP SIGNATURE-----

Re: [Phpwiki-talk] yet another security problem ...

[Reini U. <ru...@x-...>]

Arnaud Fontaine schrieb:
> Remember when I ask for some help about authentification to access rss 
> feeds on a private wiki using "File" auth method ?
> 
> I tried to add HttpAuth ... just to be able to send login & passwd in 
> the url ...
> 
> Ok ... and now, the funny part : If you just add HttpAuth ti the File 
> method, and don't really have apache configured for it, if you fail on 
> the first method (File), phpwiki sends a 401 Unauthorized error, your 
> browser ask for login and password ... and ANY combination works ... ouch.

Could you please file this as bug report. I might forget it otherwise.

I also think that there is some more meta-problem with HttpAuth.
I guess I should check for the password also, as done in the new 
configurator auth.

-- 
Reini Urban
http://xarch.tu-graz.ac.at/home/rurban
http://phpwiki.org