|
Back
Midas
Rome
Roody
Rootana
|
Midas DAQ System |
Not logged in |
|
|
13 Jun 2016, Konstantin Olchanski, Info, mongoose v6.4 is ready for use
|
13 Sep 2016, Konstantin Olchanski, Info, mongoose v6.4 is ready for use
|
26 Sep 2016, Wes Gohn, Info, mongoose v6.4 is ready for use
|
26 Sep 2016, Konstantin Olchanski, Info, mongoose v6.4 is ready for use
|
|
Message ID: 1199
Entry time: 13 Sep 2016
In reply to: 1182
Reply to this: 1201
|
Author: |
Konstantin Olchanski |
Topic: |
Info |
Subject: |
mongoose v6.4 is ready for use |
|
|
> latest version of mongoose web server library (v6.4) is now implemented in midas.
A number of bugs were found in the mongoose v6 implementation of HTTP digest authentication:
- unusual URL in the form "https://blah:8443/?" (notice trailing "?") were rejected. These URLs are sometimes generated by
MIDAS.
- URLs longer than 200 bytes were rejected
- a check for matching URIs between the HTTP request and in digest authentication was missing (required by specs)
If you are using mhttpd with mongoose v6 https, please update mhttpd.cxx to the latest version.
We continue to recommend that mhttpd be used behind a proper HTTPS proxy with password protection (i.e. apache httpd).
mongoose v4 does not seem to have the same bugs, old server does not support https so does not have these bugs.
K.O. |