[asterisk-bugs] [Asterisk 0010961]: [patch] Add HTTP Basic & Digest Auth (rfc2617) for manager web interface.

Asterisk Bug Tracker noreply at bugs.digium.com
Tue Dec 9 16:13:55 CST 2008 

A NOTE has been added to this issue. 
====================================================================== 
http://bugs.digium.com/view.php?id=10961 
====================================================================== 
Reported By:                ys
Assigned To:                otherwiseguy
====================================================================== 
Project:                    Asterisk
Issue ID:                   10961
Category:                   Core/NewFeature
Reproducibility:            N/A
Severity:                   feature
Priority:                   normal
Status:                     assigned
Asterisk Version:           SVN 
SVN Branch (only for SVN checkouts, not tarball releases):  trunk 
SVN Revision (number only!): 85514 
Disclaimer on File?:        N/A 
Request Review:              
====================================================================== 
Date Submitted:             2007-10-12 06:48 CDT
Last Modified:              2008-12-09 16:13 CST
====================================================================== 
Summary:                    [patch] Add HTTP Basic & Digest Auth (rfc2617) for
manager web interface.
Description: 
I found, that manager web interface used "Cookie" Header for authenticate
the user. This require two http request, one for authenticate and next for
commands.
This patch add only Basic authentication scheme implementation, as defined
in rfc2617.
If used this scheme, httptimeout are unused, but we don't need to keep a
http session (and mansession) alive, after HTTP Request is processed.







======================================================================
Relationships       ID      Summary
----------------------------------------------------------------------
related to          0011414 [patch] Move loading users from authent...
====================================================================== 

---------------------------------------------------------------------- 
 (0096044) otherwiseguy (administrator) - 2008-12-09 16:13
 http://bugs.digium.com/view.php?id=10961#c96044 
---------------------------------------------------------------------- 
Also, I see no reason to remove Basic auth as we support HTTPS and Digest
authentication provides no benefit to Basic auth over HTTPS.  If the code
was already written, I don't see any reason not to include it. 

Issue History 
Date Modified    Username       Field                    Change               
====================================================================== 
2008-12-09 16:13 otherwiseguy   Note Added: 0096044                          
======================================================================

More information about the asterisk-bugs mailing list