[vlc-devel] [PATCH] http access: retain auth struct for the runtime of the module
Thomas Guillem
thomas at gllm.fr
Mon Sep 17 08:30:31 CEST 2018
On Sat, Sep 15, 2018, at 15:04, Rémi Denis-Courmont wrote:
> Le vendredi 14 septembre 2018, 20:08:43 EEST Felix Paul Kühne a écrit :
> > The problem of 9bc4991e is that while Basic Authentication works just fine,
> > Digest Authentication will fail as all Digest information is lost on the
> > reconnections.
>
> And that's completely irrelevant.
>
> MD5 in HTTP Digest actually should be dropped properly to prevent downgrade
> attacks, just like it was already dropped in TLS. And it won't be missed since
> NTLM essentially took that "market segment" (even if NTLM is worse in some
> ways than Digest). Literally, I have seen HTTP Digest-MD5 used exactly once in
> twenty years on the Internet, and that's when I enabled in it in my Apache
> server for experimenting.
>
> And then non-broken hash in HTTP Digest, while it has been specified, does not
> seem to be even supported by anybody, including VLC.
>
>
> Meanwhile, this patch is an unauthorized revert and reintroduce a memory leak.
> Please undo.
I tell felix this patch was OK.
This is more likely an unintentional revert that an unauthorized one. The difference is huge think.
Yes, I should have read the git backlog more carefully.
>
> --
> Rémi Denis-Courmont
>
>
> _______________________________________________
> vlc-devel mailing list
> To unsubscribe or modify your subscription options:
> https://mailman.videolan.org/listinfo/vlc-devel
More information about the vlc-devel
mailing list