CherryPy Project Download

Ticket #2 (defect)

Opened 8 years ago

Last modified 8 years ago

delegate digest authentication to apache / lighttpd / squid

Status: closed (invalid)

Reported by: alexandru@toth.google.mail.com Assigned to: somebody
Priority: minor Keywords: digest mod_digest
Cc:

Hello,

Apache already has mod_digest (and mod_ldap), and IMHO it is better to delegate security to Apache (rather than re-implement digest in CherryPy). Also, it might be safer to _configure_ security declaratively than code it.

Has anyone deployed CherrPy? behind mod_digest (or mod_ldap), and retrieved the "Authorization-Info" ?

Or, is it a wrong question? I am trying a parallel with MS IIS , where is possible to set Directory Security to "Windows Integrated". The CGI or ASP pages retrieve the "authenticated user" server variable, or headers.

When deploying CherryPy (3.0.1) behind Apache (Apache/1.3.33-Darwin with mod_digest and mod_proxy), CherryPy only receives these headers, and there is no username...

Request Headers:

X-FORWARDED-SERVER: local REFERER: http://local/index ACCEPT-LANGUAGE: en HOST: localhost:8080 ACCEPT: */* USER-AGENT: Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en) AppleWebKit/419 (KHTML, like Gecko) Safari/419.3 CONNECTION: close Remote-Addr: 127.0.0.1 X-FORWARDED-HOST: local X-FORWARDED-FOR: 192.168.255.3 ACCEPT-ENCODING: gzip, deflate

Cheers, Alex

Change History

04/02/07 18:45:52: Modified by fumanchu

  • status changed from new to closed.
  • resolution set to invalid.

You should ask this question on the mailing list or IRC, start a wiki page on this site about the topic, or open a ticket at the official site.

Sorry about the tease; we should not have left tickets open on this site.

Hosted by WebFaction

Log in as guest/cherrypy to create/edit wiki pages