Sorry for the late answer...
> Hmm... My thought would have been that Apache::AuthenCache would do the
> trick... What are the exact symptoms when you use AuthenCache? Are you
> still hitting the Domain controller for every request?
Yes, still like DoS...
> Another option would be to use $r->is_initial_req like:
>
> my $r = shift;
> return OK unless $r->is_initial_req;
>
> What happens when you add this to the module? (I'm not sure that this
> would be appropriate in the main module on CPAN, but you could just add
> the line every time you downloaded it... (What does everyone else
> think? Maybe set a PerlSetVar to turn this on and off?))
Haven't tried this, but I was told to add this to the module:
(Version 0.6, Debian Release)
<snip>
sub authen {
    my @args = @_;
    # Truncate everything to length 80 to avoid poor coding practices in the
    # smbvalid.a (buffer overflows) PMK--fixme in smbvalid.a when possible.
    for my $i ( 0..$#args ) {
        $args[$i] = substr($args[$i], 0, 80);
    }
    my($username, $password, $server, $backup, $domain) = @args;
    #new: open L, "> /tmp/AuthenSmb.lck" or die "Can't open /tmp/AuthenSmb.lck: $!\n";
    #new: flock L, LOCK_EX;
    my $res = Valid_User($username, $password, $server, $backup, $domain);
    #new: close L;
    return $res
}
<snip>
These changes work, but I don't know how secure this solution is.
How secure is 'return OK unless $r->is_initial_req;'? What's the
(technical) difference between the initial and the rest? Isn't
it easy to fake at this point?
- mathias -
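
The locking change quoted in the message above, as an added example that is not part of the original message or of the Apache::AuthenSmb module: it serializes calls to the validator across forked children, and opens the lock file without truncation and with O_NOFOLLOW inside a private directory rather than under a fixed name in /tmp. The names with_auth_lock and stub_valid_user, the paths, the credentials and the stub's return values are hypothetical; the stub stands in for Valid_User so the script runs without a domain controller.

```perl
use strict;
use warnings;
use Fcntl qw(:flock O_WRONLY O_CREAT O_NOFOLLOW);
use File::Temp qw(tempdir);
use IO::Handle;
use Time::HiRes qw(sleep);

# Run $code->() while holding an exclusive lock on $lockfile.
sub with_auth_lock {
    my ($lockfile, $code) = @_;
    # No truncation (the content is never used) and O_NOFOLLOW, so a symlink
    # placed at the lock path is refused instead of followed.
    sysopen(my $fh, $lockfile, O_WRONLY | O_CREAT | O_NOFOLLOW, 0600)
        or die "Can't open $lockfile: $!\n";
    flock($fh, LOCK_EX) or die "Can't lock $lockfile: $!\n";
    my $res = $code->();   # if this dies, $fh goes out of scope and unlocks
    close($fh);            # closing the handle releases the lock
    return $res;
}

# Hypothetical stand-in for Valid_User(): logs entry and exit, and returns 0
# only for the constructed credential pair used below (constructed values).
sub stub_valid_user {
    my ($log, $user, $pass) = @_;
    open(my $out, '>>', $log) or die "Can't append to $log: $!\n";
    $out->autoflush(1);
    print {$out} "enter $$\n";
    sleep 0.2;             # simulated round trip to the domain controller
    print {$out} "leave $$\n";
    close($out);
    return ($user eq 'alice' && $pass eq 'constructed-pw') ? 0 : 1;
}

my $dir = tempdir(CLEANUP => 1);   # private directory, not a shared /tmp name
my ($lock, $log) = ("$dir/AuthenSmb.lck", "$dir/calls.log");
for (1 .. 3) {                     # three children, like three Apache workers
    my $pid = fork() // die "fork failed: $!\n";
    next if $pid;
    with_auth_lock($lock, sub { stub_valid_user($log, 'alice', 'constructed-pw') });
    exit 0;
}
1 while wait() != -1;              # reap all children

open(my $in, '<', $log) or die "Can't read $log: $!\n";
my @events = map { (split)[0] } <$in>;
die "calls overlapped: @events\n" unless "@events" eq join(' ', ('enter', 'leave') x 3);
print "serialized: @events\n";
```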