[kforge-dev] mod_python authentication handlers

John Bywater john.bywater at appropriatesoftware.net
Thu Sep 13 10:43:00 UTC 2007


So another idea is: the mod_python documentation for the request object 
discusses passing values between handlers by setting attributes on the 
request object. Now, as the Trac handler is being passes POST 
information, I suggest we attempt to remedy the situation by removing 
all request parameters from the request object when a redirect is 
initiated. That way we can hope that Trac isn't able to respond to a 
POST request.

Just an idea. I had assumed nothing about the request object, but if the 
same object passed is passed to every handler, then we probably are in 
full control afterall.

Anyway, it's just an idea at the mo....

John.


John Bywater wrote:
> Just looking at this code again, setting the request.user in all cases 
> seems wrong.
>
> Also, I'm still sure we can think of a way to fix things up so that we 
> can redirect browsers without triggering the Trac handler. It's not 
> really wholly satisfactory at the mo, I reckon....
>
> Best wishes,
>
> John.
>
>
>
>   


-- 
Appropriate Software Foundation
Registered in England and Wales
17 Chapel Street, Hyde Cheshire
Company number: 04977110
W: appropriatesoftware.net
T: 0870 720 2944
M: 0781 139 2292






More information about the kforge-dev mailing list