GNOME Bugzilla – Bug 796637
rtsp-auth: Add support for parsing .htdigest files
Last modified: 2018-06-21 13:50:52 UTC
Passwords are usually not stored in clear text, but instead stored already hashed in a .htdigest file. Add support for parsing such files, add API to allow setting a custom realm in RTSPAuth, and update the digest example.
Created attachment 372732 [details] [review] rtsp-auth: Add support for parsing .htdigest files
Review of attachment 372732 [details] [review]: We might want to put some validation to check if the *realm* of each htdigest entry is consistent with the auth realm. Apart from that looks good :)
(In reply to Edward Hervey from comment #2) > Review of attachment 372732 [details] [review] [review]: > > We might want to put some validation to check if the *realm* of each > htdigest entry is consistent with the auth realm. Ah good point, do you reckon it should be an error? Eg if you have a .htdigest file with multiple different realms, I don't think we want that to error out, we can just ignore the entries with non-matching realms? Though if we do that, it will make the order in which set_realm() / parse_htdigest() are called matter, not sure we want that either :)
Discussed on IRC, it is probably preferable to store all valid entries in the htdigest file, regardless of the realm, validation will be performed at authentication time, this means the order in which set_realm and parse_htdigest are called does not matter, also allows changing the realm later on without reparsing htdigest, I don't know whether that is a common use case but there's no need to prevent that :)
Attachment 372732 [details] pushed as 5ede2a5 - rtsp-auth: Add support for parsing .htdigest files