Bill Barker wrote:
Replying to an older version of the thread, since I share messages the
other way around.
Personally, I think that Remy needs to work on his people skills.
Keith has been a very valuable committer on the 3.3 branch. Rather than
shooting him down, you could have given him po
PROTECTED]>
To: "Tomcat Developers List" <[EMAIL PROTECTED]>
Sent: Thursday, November 07, 2002 11:41 PM
Subject: Re: auth bug fix for 4.0.6
> Bill Barker wrote:
>
> > As a non-4.x expert, your patch looks ok. I would guess that it would still
> > hav
I regret it wasn't in line with your expectations.
Keith
| -Original Message-
| From: Remy Maucherat [mailto:remm@;apache.org]
| Sent: Friday, November 08, 2002 1:57 PM
| To: Tomcat Developers List
| Subject: Re: auth bug fix for 4.0.6
|
|
| No, I was just complaining about the
Keith Wannamaker wrote:
Remy, I don't even know if 4.1.x and 5.0 share the bug or not;
I haven't tested it, though I suspect they do. I do know 4.0.6
has the bug.
I'm not sure what interpretation you are questioning -- if it
is the placement or nature of the fix, sure, I said someone may
want t
bug fix for 4.0.6
|
|
| I would guess that it would still
| have problems with a request to /foo/protected where the security-constraint
| is only for /foo/protected/*.
|
|
emm@;apache.org]
| Sent: Friday, November 08, 2002 2:42 AM
| To: Tomcat Developers List
| Subject: Re: auth bug fix for 4.0.6
|
|
| Bill Barker wrote:
|
| > As a non-4.x expert, your patch looks ok. I would guess that it would still
| > have problems with a request to /foo/protected
Bill Barker wrote:
As a non-4.x expert, your patch looks ok. I would guess that it would still
have problems with a request to /foo/protected where the security-constraint
is only for /foo/protected/*.
I don't agree, the patch is bad for 4.1.x and 5.0 (at least, you must
use the decoded URI
ED]>
Sent: Thursday, November 07, 2002 9:36 PM
Subject: auth bug fix for 4.0.6
> It turns out TC 4.0.6 has the same auth bug as 3.3--
> it challenges prior to redirects. The immediate problem
> this causes is that some browsers will cache and send
> credentials for the entire dom
It turns out TC 4.0.6 has the same auth bug as 3.3--
it challenges prior to redirects. The immediate problem
this causes is that some browsers will cache and send
credentials for the entire domain after being challenged
for a top level directory without a trailing slash.
So 4.0.6 exhibits this w