Additional header for choice basic auth / form based auth #62

Description

@Fifgm

Is this a new feature request?

  • I have searched the existing issues

Wanted change

Please add a header for the choice "form login" vs "basic authentication".

Reason for change

The current design with auto selection has some ugly issues:

  • in basic auth a fermed-encrypted password could be entered
  • base64 decryption takes place after fermed decryption throwing and logging an error
  • user can bypass admin's decision for using basic auth if he sets a cookie manually

Some of these problems are theoretical and hard to abuse, but a header for switching the auth method would be bulletproof, and trial-and-error for the right decryption algorithm is bad design.

Proposed code change

No response
