>Number: 668 >Category: mod_proxy >Synopsis: Two problems with user:[EMAIL PROTECTED] URLs >Confidential: no >Severity: non-critical >Priority: medium >Responsible: apache (Apache HTTP Project) >State: open >Class: sw-bug >Submitter-Id: apache >Arrival-Date: Wed Jun 4 03:00:01 1997 >Originator: [EMAIL PROTECTED] >Organization: apache >Release: 1.2b10 >Environment: HP-UX atropos B.10.20 A 9000/803 2006896634 two-user license ansi C >Description: * The standard mod_proxy just does not understand http://user:[EMAIL PROTECTED]/ requests and refuses to handle them. * the proxy module logs the sent user/password pairs in the logfile => security problem. >How-To-Repeat: Just use Netscape Gold and give it a default user/password pair then publish your document through the proxy. Netscape will send something like PUT http://user:[EMAIL PROTECTED]/document HTTP/1.0 which gets the proxy confused. >Fix: I have fixed the problems by modifying proxy_http.c and mod_proxy.c -- where can I send the solution %3 >Audit-Trail: >Unformatted:
