[squid-users] Usernames with whitespace

From: <[email protected]>
Date: Fri, 7 Jan 2005 14:53:19 +0100

Hi,

Putting a whitespace prefix or suffix in the username at authentication time
causes :

  - acl's based on username to be circumvented
  - access.log analysis to be fooled.

This is because a "%20" is put in place of the whitespace :
     %20username
or username%20

Is there a rule or option to reject all usernames containing a whitespace ?
Or should I put a special ACL to deny access to those users who put a whitespace
by mistake?
The best would be that Squid asks for a username/passwd until it is valid (good
pair && no whitespace) so that the end-user doesn't get confused.
IE : "my password is accepted , but I get a Forbidden Access page"

(I could'nt find anything in the archives or FAQ, maybe I didn't use the correct
keywords ? - %20, username, whitespace, space, or blank)

Thanks for your help,

Andrew.
Received on Fri Jan 07 2005 - 06:53:22 MST

This archive was generated by hypermail pre-2.1.9 : Mon Mar 07 2005 - 12:59:35 MST