- From: Christopher A. Rath <car@research.att.com>
- Date: Mon, 5 Jan 1998 11:24:06 -0500
- To: "'www-lib-bugs@w3.org'" <www-lib-bugs@w3.org>
I believe I have found a bug in the 5.1d code for handling basic authentication. First, here is what I was trying to do: I was running libapp_4 to connect to password protected web sites. The first site I tried was: http://mymachine.mydomain.com/website/protecteddir This seemed to work fine. I was prompted for a username/password. The second site I tried was: http://mymachine2.mydomain2.com/protectedwebsite This went into an infinite recursion doing after filters and cleanup. It seems the problem is that the template generated for the first URL is http://mymachine.mydomain.com/website* and for the second, it is http://mymachine2.mydomain2.com* The scan() function in puts the * in the hostname. Subsequent lookups of the authorization information for this host thus fail because the hash of mymachine2.mydomain2.com does not match the hash of mymachine2.mydomain2.com*. I am guessing a possible fix is to modify scan() so that it accepts either / or * as a terminating character for host names, but I have very little experience with this library and don't know what this might break. Christopher A. Rath car@research.att.com
Received on Monday, 5 January 1998 11:20:37 UTC