On Tue, Mar 18, 2008 at 9:10 AM, Brian Eaton <[EMAIL PROTECTED]> wrote:
> I'm considering modifying ProxyHandler.java so that it no longer even > thinks about trying to sign requests being tunneled through the image > embedding proxy. Signing would be available only through the JSON > proxy. I thought this was the case already, but it might have become possible after the initial check in. The "open" proxy shouldn't be aware of any authentication or signing. Explicitly disallowing it would probably be good. > > Note that no existing code (that I can find, anyway) would trigger the > signing functionality for the embedding proxy. No gadget security > token is provided, much less the appropriate parameters to enable > signing. > > Objections? > -- ~Kevin
