Front page | perl.libwww |
Postings from December 2001
From: Beyond Control Inc.
December 16, 2001 12:58
Message ID: 004501c18675$8c27aab0$6aac003e@nevermind
I'm sorry if this message appears twice, I don't think that the first time I tried to send it was a successful try...
Anyways, here's how I recently caused useragent to commit suicide:
If you have a server that requires you to authenticate using digest.pm, and upon a failed login attempt send a 401 error code - It will cause the useragent -> digest relationship to crumble.
The problem is that upon a receipt of a 401 response code (Authentication required) by Useragent's request(), it will call the digest module which in turn fills up the relevant security related fields and call request() after that change.
Assuming the result of a failed login is another 401 code, it will cause this to happen once again - the request(), initiated by digest.pm, will call digest.pm again with the same parameters, which will call request, which will call digest and so on and on until perl puts an end to it by stating it's a deep recursion.
I think this should be fixed like the redirect mechanism, placing a counter which says that up to x times it's still relevant to call the authentication, but after that just return with what you got.
By Beyond Control Inc.
by Beyond Control Inc.