-1 for now. The concern that I have is that by injecting the name of the cluster as it is pulled from the query string, seems a little dangerous. This would allow the realm to be altered in any way by just modifying the query string. Not sure if that is a real issue or not, but it seems dangerous. Can anybody else clarify this more?
Brad >>> On 3/6/2008 at 5:28 AM, in message <[EMAIL PROTECTED]>, Martin Knoblauch <[EMAIL PROTECTED]> wrote: > Hi Ramon, > > looks harmless enough. Could you make a similar patch against trunk please? > > From my side "+1" for both trunk and 3.0.X > > Cheers > Martin > ------------------------------------------------------ > Martin Knoblauch > email: k n o b i AT knobisoft DOT de > www: http://www.knobisoft.de > > > ----- Original Message ---- >> From: Ramon Bastiaans <[EMAIL PROTECTED]> >> To: "[email protected]" > <[email protected]> >> Sent: Thursday, March 6, 2008 11:59:36 AM >> Subject: [Ganglia-developers] [patch] change privateclusters auth header to > include clustername >> >> Hi, >> >> I've made a little patch to the webfrontend of 3.0.7. >> >> The problem is that Ganglia always says "Ganglia Private Cluster", for >> ALL private clusters in the authentication header. >> This way you can't let Firefox or Internet Exporer remember a different >> password for each cluster. >> >> Since the Firefox password manager for example associates the password >> with the string in the authentication header, you will have to keep on >> entering your individual private cluster password again and again. >> >> I have now changed it to include the cluster name in the authentication >> header. >> This way you can now let your browser save/remember/cache different >> passwords for each individual cluster. >> >> Cheers, >> - Ramon. >> >> -- >> ing. R. Bastiaans >> >> Systems Programmer / High Performance Computing & Visualisation / >> SARA Computing and Networking Services >> Kruislaan 415 PO Box 194613 >> 1098 SJ Amsterdam 1090 GP Amsterdam >> P.+31 (0)20 592 3000 F.+31 (0)20 668 3167 >> --- >> There are really only three types of people: >> >> Those who make things happen, those who watch things happen >> and those who say, "What happened?" >> >> >> >> >> -----Inline Attachment Follows----- >> >> --- auth.php.org 2008-03-06 11:56:09.542153567 +0100 >> +++ auth.php 2008-03-06 11:54:27.261229406 +0100 >> @@ -30,7 +30,11 @@ >> #------------------------------------------------------------------------------- >> function authenticate() >> { >> - header("WWW-authenticate: basic realm=\"Ganglia Private Cluster\""); >> + global $clustername; >> + >> + $auth_header = "WWW-authenticate: basic realm=\"Private Ganglia cluster: " >> . $clustername . "\""; >> + >> + header( $auth_header ); >> header("HTTP/1.0 401 Unauthorized"); >> #print "> URL=\"../?c=\">"; >> print " > You are unauthorized to view the details of this Cluster > "; >> >> >> ------------------------------------------------------------------------- This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2008. http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/ _______________________________________________ Ganglia-developers mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/ganglia-developers
