Re: Authentication bug in Squid 2.2S4

From: Dancer <[email protected]>
Date: Thu, 19 Aug 1999 10:14:38 +1000

Steven Sporen wrote:
>
> Hi,
>
> I picked up a problem with the way the authentication works in squid.
> Currently when squid uses an authenticator it sends out a line in the form
> <username> <password>
>
> The problem comes in when the user enters a username with a space in it
> then the second part or surname will be interpreted as the password. The
> solution is to convert the space in the username to a %20 the way it currently
> does in the log file.

IMO, it's not a bug (chorus: It's a feature).

Well, it's actually a constraint based on the syntax of passing requests
to authenticators. You'll also find that passwords with spaces in them
don't work all that well either.

In one or two places (logging, for example, where some invalid requests
get logged spaces, warts and all) I re-encode spaces with an 0x7f (DEL,
if memory serves...or ^?). It prevents confusing my log-processors.
Maybe you can try the same with the authenticator routine.

D

D
Received on Wed Aug 18 1999 - 18:01:40 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:48:03 MST