On Wed, Sep 9, 2009 at 8:57 AM, Dan Poirier <poir...@pobox.com> wrote:
> mod_auth_digest cannot implement nonce-count checking or the md5-sess
> algorithm if the platform doesn't have shared memory.
>
> Right now, if the admin configures either of these options and the platform
> doesn't have shared memory, the module issues a warning and continues
> without the requested option.
>
> In my opinion, if a security check that the admin requested in the
> configuration cannot be implemented, it should be more than a warning; it
> should be a fatal startup error.
>
> What's the consensus on changing this?
>
> 1) What's the right behavior?
>

fail at startup

> 2) If it should be changed, what's the best way to do it? The change could
> break configurations that currently appear to "work", although they're not
> really doing what the admin configured them to do.
>

how many affected configurations are we talking about?

* did anything that needed shared memory really work before your recent fixes?
* are either of these unsupported features the default?
* what platforms have no APR support for shared memory?