[pubcookie-dev] CVS update: dors;
webiso/pubcookie/doc CHANGES.txt,1.14,1.15
dors at cac.washington.edu
dors at cac.washington.edu
Tue Jun 21 16:07:36 PDT 2005
Update of /usr/local/cvsroot/webiso/pubcookie/doc
In directory webiso-cvs.cac.washington.edu:/var/tmp/cvs-serv10250
Modified Files:
CHANGES.txt
Log Message:
changes merged from aes branch
Index: webiso/pubcookie/doc/CHANGES.txt
diff -c webiso/pubcookie/doc/CHANGES.txt:1.14 webiso/pubcookie/doc/CHANGES.txt:1.15
*** webiso/pubcookie/doc/CHANGES.txt:1.14 Fri Jun 17 12:00:56 2005
--- webiso/pubcookie/doc/CHANGES.txt Tue Jun 21 16:07:34 2005
***************
*** 1,3 ****
--- 1,16 ----
+ *) Fixed login cgi to forgo clearing the granting request cookie during
+ POST method login requests; there is no such cookie to clear.
+
+ *) Removed pre-session cookie processing from Apache module when using
+ the POST method. Pre-session cookies are a countermeasure to threats
+ posed by enterprise-domain cookies; so they're unnecessary when the
+ POST method is used to transport authentication information.
+
+ *) Added AES encryption support to login cgi and Apache module. The
+ module determines the algorithm to use, which is configurable with
+ the new PubcookieEncryption directive. AES is the default and will
+ require a AES-encryption-enabled login server.
+
Changes with 3.2.1:
*) Fixed Apache module to avoid possible null pointer in REMOTE_REALM
end of message
More information about the pubcookie-dev
mailing list