Skip Menu |

This queue is for tickets about the Apache2-AuthCookieDBI CPAN distribution.

Report information
The Basics
Id: 62488
Status: resolved
Worked: 30 min
Priority: 0/
Queue: Apache2-AuthCookieDBI
People
Owner: matisse [...] spamcop.net
Requestors: WMCKEE [...] cpan.org
Cc:
AdminCc:
Bug Information
Severity: Important
Broken in: 2.13
Fixed in: 2.14

History Show all quoted text
  Wed Oct 27 10:38:05 2010 WMCKEE [...] cpan.org - Ticket created
Subject: WhateverDBI_SecretKey string does not work in Apache
Matisse, While getting this library installed to an older v1.3.x Apache, I discovered that the codebase doesn't support the newer WhateverDBI_SecretKey. It only works with WhateverDBI_SecretKeyFile. Not a big deal, but updating the docs would have saved me some time. William -- Knowmad Technologies http://www.knowmad.com
  Sat Oct 30 13:20:21 2010 matisse [...] spamcop.net - Correspondence added
Thanks. I plan to do a new release of the apache2 version some time soon ($work has kept me VERY bust the past several months) and I'll address this in the next release.
  Sat Oct 30 13:20:22 2010 The RT System itself - Status changed from 'new' to 'open'
  Sat Oct 30 13:23:43 2010 matisse [...] spamcop.net - Taken
  Sat Dec 18 21:10:24 2010 matisse [...] spamcop.net - Correspondence added
Oops, I forgot to fi the docs in 2.13. Will fix this weekend!
  Sat Dec 18 21:19:53 2010 matisse [...] spamcop.net - Correspondence added
Here is what i think I will change the documentation to say: "WhateverDBI_SecretKey" Specifies the secret key for this auth scheme. This should be a long random string. This should be secret; either make the httpd.conf file only readable by root, or put the PerlSetVar in a file only readable by root and include it. This is required and has no default value. (NOTE: In AuthCookieDBI versions 1.22 and earlier the secret key either could be set in the configuration file itself or it could be place in a seperate file with the path configured with "PerlSetVar WhateverDBI_SecretKeyFile". As of version 2.0 you must use "WhateverDBI_SecretKey" and not "PerlSetVar WhateverDBI_SecretKeyFile". If you want to put the secret key in a separate file then you can create a separate file that uses "PerlSetVar WhateverDBI_SecretKey" and include that file in your main Apache configuration using Apaches' "Include" directive. You might wish to make the file not world-readable. Also, make sure that the Perl environment variables are not publically available, for example via the /perl-status handler.) See also "COMPATIBILITY" in this man page.
  Sat Mar 12 15:28:01 2011 matisse [...] spamcop.net - Correspondence added 30 min
Changes made. Should be released in 2.14 soon. (Awaiting legal approval for OSS post-bask.)
  Sat Mar 12 15:28:02 2011 matisse [...] spamcop.net - Status changed from 'open' to 'patched'
  Sat Mar 26 19:07:15 2011 matisse [...] spamcop.net - Status changed from 'patched' to 'resolved'
  Sat Mar 26 19:07:15 2011 matisse [...] spamcop.net - Broken in 2.14 added
  Sat Mar 26 19:07:16 2011 matisse [...] spamcop.net - Broken in 2.05 deleted
  Sat Mar 26 19:08:22 2011 matisse [...] spamcop.net - Fixed in 2.14 added
  Sat Mar 26 19:08:22 2011 matisse [...] spamcop.net - Broken in 2.13 added
  Sat Mar 26 19:08:22 2011 matisse [...] spamcop.net - Broken in 2.14 deleted