On 25.01.2023 15:29, Amos Jeffries wrote:
On 25/01/2023 5:34 pm, Alex Rousskov wrote:
On 1/24/23 20:57, Amos Jeffries wrote:
Blocker #1: The cachemgr_passwd directly still needs to be cleanly
removed, eg replaced by a manager_access ACL based mechanism.
I do not see a relationship: I have not tested it, but the existing
CacheManager::ParseHeaders() code already extracts authentication
information from cache manager requests that use "http" scheme
AFAICT. Can you detail why the cachemgr_passwd directive/code cannot
continue to work essentially as it works today after cache_object
scheme support is removed from Squid?
We should check that then. It may not be as impactful as I am recalling.
My test showed that CacheManager::ParseHeaders() extracts password from
the Authorization header incorrectly: params.password gets an extra '\n'
symbol and CacheManager::CheckPassword() fails. This, however, seems
easy to fix.
Eduard.
_______________________________________________
squid-dev mailing list
squid-dev@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-dev
