On 25.01.2023 16:58, Eduard Bagdasaryan wrote:
On 25.01.2023 15:29, Amos Jeffries wrote:
On 25/01/2023 5:34 pm, Alex Rousskov wrote:
On 1/24/23 20:57, Amos Jeffries wrote:
Blocker #1: The cachemgr_passwd directly still needs to be cleanly
removed, eg replaced by a manager_access ACL based mechanism.
I do not see a relationship: I have not tested it, but the existing
CacheManager::ParseHeaders() code already extracts authentication
information from cache manager requests that use "http" scheme
AFAICT. Can you detail why the cachemgr_passwd directive/code cannot
continue to work essentially as it works today after cache_object
scheme support is removed from Squid?
We should check that then. It may not be as impactful as I am recalling.
My test showed that CacheManager::ParseHeaders() extracts password
from the Authorization header incorrectly: params.password gets an
extra '\n' symbol and CacheManager::CheckPassword() fails. This,
however, seems easy to fix.
My previous test was incorrect - please ignore this comment. I retested
it with a properly encoded base64 password now.
Eduard.
_______________________________________________
squid-dev mailing list
squid-dev@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-dev
