hi Henrik,
in cachemanager menu the first page view after logging
in will show the unencrypted password in
the browser's address bar since the GET method is used
to log in.
this little patch prevents the passwd from beign shown;
i hope there are no other conflicts arising from it
(have not had any problems yet)
--- cachemgr.c 2002-09-01 14:32:00.000000000 +0200
+++ cachemgr.next.c 2002-10-04 12:28:48.000000000 +0200
@@ -242,7 +242,7 @@ auth_html(const char *host, int port, co
printf("<P>This is a WWW interface to the instrumentation interface\n");
printf("for the Squid object cache.</P>\n");
printf("<HR noshade size=\"1px\">\n");
- printf("<FORM METHOD=\"GET\" ACTION=\"%s\">\n", script_name);
+ printf("<FORM METHOD=\"POST\" ACTION=\"%s\">\n", script_name);
printf("<TABLE BORDER=\"0\" CELLPADDING=\"10\" CELLSPACING=\"1\">\n");
printf("<TR><TH ALIGN=\"left\">Cache Host:</TH><TD><INPUT NAME=\"host\" ");
printf("size=\"30\" VALUE=\"%s\"></TD></TR>\n", host);
regards,
Clemens
-- __________________________________________________________ Sign-up for your own FREE Personalized E-mail at Mail.com http://www.mail.com/?sr=signup "Free price comparison tool gives you the best prices and cash back!" http://www.bestbuyfinder.com/download.htmReceived on Fri Oct 04 2002 - 04:36:31 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:16:52 MST