Revision 910563
Digest for 18th January 2009, Other in KDE Base
Refactor HTTP authentication:
- One class per authentication scheme
- One parser for auth header, where in RFC format
- Don't manipulate HTTP state "somewhere"; explicitly model actions to be taken when using a specific scheme
- Reduce the ugly ugly proxy/WWW auth special-casing to a minimum
- Apply the effect of !m_request.isKeepAlive in one well-defined place
Benefits so far:
- (most of the time) just one auth popup even if konqi loads ten tabs
- apparently faster surfing via proxy with proxy auth
- I understand it :)
TODO:
- Resurrect Negotiate auth
- Fill in the case where the same credentials are used twice in a row without asking the user twice, aka. Digest auth with stale nonce value
- Fix SSL with proxy auth: looks like a Qt bug to me.
- Try and make sure that no unneeded credentials are sent. This can be a trivial-to-exploit security problem.
- Make sure there is no otherwise benign "garbage" in request headers
- Test, test, test
File Changes
- /trunk/KDE/kdelibs/kioslave/http
  - /httpauthentication.cpp
  - /httpauthentication.h
- /trunk/KDE/kdelibs/kioslave/http
  - /http.cpp
  - /http.h
  - /parsinghelpers.cpp
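
The "one parser for auth header, where in RFC format" item in the commit message can be pictured with the following added example, which is not code from this revision or from KDE: a C++ parser that splits a WWW-Authenticate or Proxy-Authenticate value into one challenge per scheme, ready to be handed to per-scheme classes. The names `Challenge` and `parseChallenges` are hypothetical, the header values used with it are constructed, and opaque blob challenges (the non key=value form used by schemes such as Negotiate and NTLM) are assumed to be out of scope.

```cpp
// Added example, not KDE code; all names are hypothetical.
#include <cctype>
#include <map>
#include <string>
#include <vector>

struct Challenge {
    std::string scheme;                         // lower-cased, e.g. "digest"
    std::map<std::string, std::string> params;  // auth-params, keys lower-cased
};
static bool isWs(char c) { return c == ' ' || c == '\t'; }
static bool isTok(char c) {  // RFC "token" characters
    return std::isalnum((unsigned char)c) || std::string("!#$%&'*+-.^_`|~").find(c) != std::string::npos;
}
static std::string lower(std::string s) {
    for (char &c : s) c = (char)std::tolower((unsigned char)c);
    return s;
}

std::vector<Challenge> parseChallenges(const std::string &h) {
    std::vector<Challenge> out;
    std::size_t i = 0, n = h.size();
    while (i < n) {
        while (i < n && (isWs(h[i]) || h[i] == ',')) ++i;   // skip separators
        std::size_t s = i;
        while (i < n && isTok(h[i])) ++i;
        if (i == s) { ++i; continue; }                       // stray byte: skip, always advance
        std::string tok = lower(h.substr(s, i - s));
        std::size_t j = i;
        while (j < n && isWs(h[j])) ++j;
        if (j >= n || h[j] != '=' || out.empty()) {          // no '=' follows: a new scheme
            out.push_back(Challenge{tok, {}});
            continue;
        }
        for (i = j + 1; i < n && isWs(h[i]); ++i) {}         // key=value of current challenge
        std::string val;
        if (i < n && h[i] == '"') {                          // quoted-string: commas are data
            for (++i; i < n && h[i] != '"'; ++i) {
                if (h[i] == '\\' && i + 1 < n) ++i;          // quoted-pair
                val += h[i];
            }
            if (i < n) ++i;                                  // closing quote
        } else {
            while (i < n && h[i] != ',' && !isWs(h[i])) val += h[i++];
        }
        out.back().params.emplace(tok, val);                 // duplicate key: first one wins
    }
    return out;
}
```

Because a comma separates both parameters and challenges, the parser decides between the two by checking whether a token is followed by `=`, and it treats commas inside a quoted realm as data rather than as a boundary.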