I'm looking in modules/http/http_request.c.
Is this even in the right ballpark?
I'm hoping there's one if statement this call is failing causing the new
environment not to be set. I would think it would be like a check to see if
a user is already logged in.
But, I not familiar with http terms.
Folks I've talked to just don't try to get htaccess to work with ajax for the
most part. They rely on php security.
That's probably because on the backend, they still need to handle
authorization. Unless all users to your backend should have equal access to
all associated data, you're
I don't think a checking to see if the logged in user name is different from
the credentials user is that much additional overhead.
M*
-Original Message-
From: Houser, Rick [mailto:houser.r...@aoins.com]
Sent: Wednesday, April 22, 2009 1:49 PM
To: modules-dev@httpd.apache.org
Ruediger Pluem wrote:
the next configuration *can* do security harm:
VirtualHost foo.example.com:443
SSLVerifyClient optional
SSLCACertificateFile foo-clientauth-bundle.pem
/VirtualHost
VirtualHost bar.example.com:443
SSLVerifyClient optional
SSLCACertificateFile
Dear developers,
during the developing of own module in C language and I have some
problems with mod_negotiation module.
In my apache2-2.2.3I have one VirtualHost _default:443
In the configuration file of this of this machine is mentioned:
MultiviewsMatch All
DocumentRoot
Hello all,
I would like to ask you how I can work with cookie with my module.
I have insert cookie to the r-err_headers_out with function
apr_table_add(r-err_header_out,Set-Cookie, XXX);
but after internal redirection in r-headers_in is not mention any
Cookie only Set-Cookie.
Is this behaviour
Rainer Jung wrote:
On 20.04.2009 15:57, Jim Jagielski wrote:
On Apr 17, 2009, at 4:28 PM, Rainer Jung wrote:
The same type of balancing decision algorithm was part of mod_jk between
1.2.7 and 1.2.15. I always had problems to understand, how it exactly
behaves in case some workers are out of
I hope I'm posting to the right list and everyone hasn't already seen my
posting.
As it works on my server, if a user is logged into htaccess and a webpage
accesses another webpage via ajax using new credentials, the creditials
are validated for the ajax page access, but the new user is not
KaiGai Kohei wrote:
Folks,
Now we have a few approaches to support SELinux.
Which is the preferable to get upstreamed?
1. The idea of mpm_security
It spawns a new process for each connections. It gives third-party modules
a chance to assign appropriate privileges prior to invocations