Revision 4562307...

Go back to digest for 24th March 2013

Security in Other

Sven Brauch committed changes in [attica] /:

Do HTTP basic authentication the right way

Until now, attica wrote the credentials into the URL and into the header
on every request as soon as the user had entered them.
This could lead to warning dialogs from the HTTP kioslave about
possible address spoofing, since credentials must only be sent if the
server requests them explicitly. The QNetworkAccessManager class
being used by the libary anyways provides an easy way to do this:
it emits a signal when the server asks for username/password, and
all you have to do is connect to that signal and fill out the credentials
in the argument it gets.
To keep this change as local as possible, the credentials are stored in
the User attribute fields of the QNetworkRequest, because then they
can be both set and read in one central place.

File Changes

Modified 3 files
  •   lib/atticabasejob.cpp
  •   lib/atticabasejob.h
  •   lib/provider.cpp
3 files changed in total