On Thursday 13 June 2013, Roy T. Fielding wrote:
> On Jun 12, 2013, at 12:34 PM, s...@apache.org wrote:
> > Author: sf
> > Date: Wed Jun 12 19:34:19 2013
> > New Revision: 1492395
> >
> > URL: http://svn.apache.org/r1492395
> > Log:
> > Actually use the secret when generating nonces.
> >
> > This change may cause problems if used with round robin load
> > balancers. Before it is backported, we should add a directive to
> > use a user specified secret.
> >
> > PR: 54637
>
> FWIW, I don't think this code can be released as is.

I agree. That's what I wanted to express in the commit message, sorry if that did not come out correctly.

> Using a global pointer to an allocated pool variable is
> not even remotely safe when that pool gets deallocated.
> And a routine that gets called within .htaccess files is not an
> appropriate place to set a server-wide value.

It's the process pool, and that won't get cleaned up before server shutdown. And the secret will be initialized in post_config hook at the latest, so there is no chance that it will be called from .htaccess. But moving the whole thing to pre_config would be clearer and better. I will do that when I have some cycles.

> because that is where the real fix should be. The current secret
> should be replaced here by a configurable string that is set in
> the virtual host config.

Ack. Though in absence of a configured value, the random secret is fine.

Cheers,
Stefan
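
The round robin concern from the commit message and the configurable secret discussed in the replies, as an added illustration that is not part of the thread or of httpd's code. The nonce layout (timestamp plus HMAC-SHA256 over timestamp and realm), the `Backend` class and every value are assumptions made for the sketch, not the module's actual format.

```python
import hashlib
import hmac
import itertools
import os

REALM = "example-realm"  # constructed sample value


class Backend:
    """One server instance behind the balancer (hypothetical model)."""

    def __init__(self, configured_secret=None):
        # No configured value: fall back to a per-process random secret.
        self.secret = configured_secret or os.urandom(20)

    def _mac(self, timestamp):
        msg = f"{timestamp}:{REALM}".encode()
        return hmac.new(self.secret, msg, hashlib.sha256).hexdigest()

    def issue_nonce(self, timestamp):
        return f"{timestamp}:{self._mac(timestamp)}"

    def accepts(self, nonce, now, lifetime=300):
        timestamp, _, mac = nonce.partition(":")
        if not (timestamp.isascii() and timestamp.isdigit()):
            return False
        expected = self._mac(int(timestamp))
        if not hmac.compare_digest(mac.encode(), expected.encode()):
            return False  # not minted with this instance's secret
        return 0 <= now - int(timestamp) <= lifetime


def round_robin_acceptance(backends, requests=6, now=1_000_000):
    """Issue on one backend, validate on the next; return accepted fraction."""
    ring = itertools.cycle(backends)
    issuer = next(ring)
    accepted = 0
    for _ in range(requests):
        nonce = issuer.issue_nonce(now)
        validator = next(ring)  # the balancer sends the retry elsewhere
        accepted += validator.accepts(nonce, now + 1)
        issuer = validator
    return accepted / requests


def demo():
    """Return acceptance rates for (random secrets, one configured secret)."""
    random_pool = [Backend() for _ in range(3)]
    shared = b"constructed-shared-secret"  # stands in for a configured value
    shared_pool = [Backend(shared) for _ in range(3)]
    return round_robin_acceptance(random_pool), round_robin_acceptance(shared_pool)
```

With a single backend the random secret validates its own nonces, which matches the point that the random default is fine when nothing is configured.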