Chris Withers wrote:
> Does anyone know what this means?
> The page views fine for me and this is the first error of this type I've
> seen since we launched the archives. I wonder what WebWhacker is doing
> to cause this?

Well... you can get an incorect padding error like this:

>>> import binascii
>>> binascii.a2b_base64('a ') 

Traceback (innermost last):
  File "<stdin>", line 1, in ?
binascii.Error: Incorrect padding

You can also get by adding arbitrary non-space characters to the end of
a basic authentication string.

Here's the line that'll be causing the problem.

(Zope 2.2final, lib/python/AccessControl/ line 441)

  name,password=tuple(split(decodestring(split(auth)[-1]), ':', 1))

My guess is that the argument "auth" passed to validate() has some
trailing characters. Either that, or WebWhacker passed just "Basic " as
an auth string.

Maybe log the auth argument and re-whack your site. (Warning... this is
certainly a nasty security hole. Be sure to get rid of the logging

Steve Alexander
Software Engineer
Cat-Box limited

Zope-Dev maillist  -  [EMAIL PROTECTED]
**  No cross posts or HTML encoding!  **
(Related lists - )

Reply via email to