mOses,

On Thu, Jun 11, 2009 at 11:42 PM, mOses<trklis...@networksamurai.org> wrote:
> Andres,
>
> On Jun 11, 2009, at 10:13 PM, Andres Riancho wrote:
>
>> mOses,
>>
>> On Wed, Jun 10, 2009 at 11:07 PM, mOses<trklis...@networksamurai.org>
>> wrote:
>>>
>>> Andres,
>>>>
>>>
>>> Andres,
>>>  I am not familiar with patch and diff, I am not really a developer, this
>>> is honestly one of the first things I've done publicly. Anyhoo. I think it
>>> works, I have created a .zip and attached it to you and the list. I am
>>> not sure if this will get bounced from the list, but you may have it!
>>
>> I performed a "read only" review of the code, and this is what I got so
>> far:
>>
>> 1- In urlOpenerSettings, d6 and d7 say basic, and should say NTLM.
>>
>> 2- What happens if the user configures both basic and NTLM auth? As
>> far as I can see this is allowed by the code, but... will it work?
>> Does it even make sense?
>>
>
>   I'll make an NTLM and Basic auth check for each other and if one is set
> prompt and not set or something to the effect. Working on it. :D

Ok =)

>> 3- To build this patch, you used the latest version from python-ntlm,
>> which is great.
>>
>
> How can we make sure that as the 'python-ntlm' project is updated we can
> keep these files current?

There is no way. At first I thought this was a problem, but it's
actually a feature. What if the guys from python-ntlm change "the API"?
Imagine this situation:

- We auto-update the python-ntlm library from their SVN to our SVN every night
- They change the API
- We don't know they changed the API
- urlOpenerSettings.py becomes outdated
- urlOpenerSettings.py doesn't work anymore with NTLM
- We don't know anything about it

I think that the best way to handle this is to check every two months
or so, if they released a new version of their library, and if some
important bug was fixed, update it in w3af.

>> I'm attaching a slightly modified version of the urlOpenerSettings
>> file, which fixes 1-. I'll try to perform some tests tomorrow
>> morning.
>>
>
> Is this on SVN yet?

No, not yet. It will be when I have the chance to test it, or Adam /
Spinkham can do it.

>> Thank you very much for your contributions!
>>
>
> I am glad to do it. It's a great project!

:)

>> Cheers,
>>
>
> M
>
>



-- 
Andrés Riancho
Founder, Bonsai - Information Security
http://www.bonsai-sec.com/
http://w3af.sf.net/
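
Added example, not part of the original message and not w3af or python-ntlm code: one way to support the "pin the vendored copy and review it every two months" approach described above is to record the imported snapshot's file hashes and review date, then flag unreviewed changes or an overdue review. The `PIN.json` file name, the function names, the revision placeholder and the one-file stand-in library are assumptions made for illustration.

```python
import hashlib
import json
import tempfile
from datetime import date, timedelta
from pathlib import Path

REVIEW_INTERVAL = timedelta(days=60)  # "every two months or so"


def file_hashes(vendor_dir):
    """SHA-256 of every .py file under the vendored directory."""
    return {p.relative_to(vendor_dir).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in sorted(Path(vendor_dir).rglob("*.py"))}


def write_pin(vendor_dir, upstream_rev, reviewed_on):
    """Record what was imported, from which upstream revision, and when it was reviewed."""
    pin = {"upstream_rev": upstream_rev, "reviewed_on": reviewed_on.isoformat(),
           "files": file_hashes(vendor_dir)}
    (Path(vendor_dir) / "PIN.json").write_text(json.dumps(pin, indent=2))


def check_pin(vendor_dir, today):
    """Return findings; an empty list means the vendored copy matches its pin."""
    pin = json.loads((Path(vendor_dir) / "PIN.json").read_text())
    current = file_hashes(vendor_dir)
    findings = []
    for name, digest in pin["files"].items():
        if name not in current:
            findings.append("missing: " + name)
        elif current[name] != digest:
            findings.append("modified: " + name)
    findings += ["unpinned: " + n for n in sorted(set(current) - set(pin["files"]))]
    if today - date.fromisoformat(pin["reviewed_on"]) > REVIEW_INTERVAL:
        findings.append("review overdue since pin " + pin["upstream_rev"])
    return findings


def demo():
    """Constructed sample: a one-file stand-in for the vendored library."""
    with tempfile.TemporaryDirectory() as tmp:
        vendor = Path(tmp) / "ntlm"
        vendor.mkdir()
        (vendor / "ntlm.py").write_text("def negotiate(): pass\n")
        write_pin(vendor, "UPSTREAM-REV-PLACEHOLDER", date(2009, 6, 12))
        clean = check_pin(vendor, date(2009, 6, 20))
        (vendor / "ntlm.py").write_text("def negotiate(flags): pass\n")  # unreviewed change
        return clean, check_pin(vendor, date(2009, 9, 1))
```

Run as a pre-commit or nightly check, this turns a silent change to the vendored files into a visible finding while leaving the decision to update with a human reviewer.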

_______________________________________________
W3af-develop mailing list
W3af-develop@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/w3af-develop
