disabled ipAuth for _p Pages (and broken Form-Login :-() for security reasons

git-svn-id: https://svn.berlios.de/svnroot/repos/yacy/trunk@2201 6c8d7289-2bf4-0310-a012-ef5d649a1542
pull/1/head
allo 19 years ago
parent bd22634c44
commit 7f51a43cba

@ -318,7 +318,10 @@ public final class httpdFileHandler extends httpdAbstractHandler implements http
if ((path.substring(0,(pos==-1)?path.length():pos)).endsWith("_p") && (adminAccountBase64MD5.length() != 0)) {
// authentication required
userDB.Entry entry=sb.userDB.ipAuth(conProp.getProperty(httpHeader.CONNECTION_PROP_CLIENTIP));
//FIXME: Form-Login is broken, until the Auth is fixed.
//ipAuth is too insecure, if the users uses a proxy.
//TODO: cookieAuth or something like this.
userDB.Entry entry=null; //sb.userDB.ipAuth(conProp.getProperty(httpHeader.CONNECTION_PROP_CLIENTIP));
if( (entry != null && entry.hasAdminRight()) || (authorization != null && sb.userDB.hasAdminRight(authorization)) ){
//Authentication successful. remove brute-force flag
serverCore.bfHost.remove(conProp.getProperty("CLIENTIP"));
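Review bot: With `entry` hard-wired to `null`, the `entry != null && entry.hasAdminRight()` half of the condition on the following line can never be true, and the disabled call survives only as a trailing comment that can be un-commented later with no trace of why it was switched off. I would drop the variable and reduce the test to `if (authorization != null && sb.userDB.hasAdminRight(authorization)) {`, keeping the reason as a comment such as `// no IP-based auth: behind a proxy or NAT the client IP is shared by many users`. The success path still clears `serverCore.bfHost` keyed by the client IP, so the same shared-address concern probably applies to the brute-force flag; that needs checking against the code that populates the map, which is not visible here. The `if` block continues past the end of the hunk.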
