Received: (qmail 23107 invoked by uid 501); 1 Aug 2001 13:41:31 -0000 Message-Id: <20010801134131.23106.qmail@apache.org> Date: 1 Aug 2001 13:41:31 -0000 From: Pavel Fercer Reply-To: biz@infodrom.ru To: submit@bugz.apache.org Subject: ISAPI dll can't see Basic authorization string X-Send-Pr-Version: 3.110 >Number: 8114 >Category: mod_isapi >Synopsis: ISAPI dll can't see Basic authorization string >Confidential: no >Severity: serious >Priority: medium >Responsible: apache >State: closed >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: apache >Arrival-Date: Wed Aug 01 06:50:00 PDT 2001 >Closed-Date: Mon Sep 24 10:08:02 PDT 2001 >Last-Modified: Mon Sep 24 10:08:02 PDT 2001 >Originator: biz@infodrom.ru >Release: 1.3.20 >Organization: >Environment: Windows NT 4 SP6A, Apache Win32 binaries >Description: When my ISAPI dll is in directory with restricted access (by mod_auth), it can't see Auth string. I use Borland Delphi 5.0 to compile DLL and Authorization property of TWebRequest to see Auth string; on IIS it works fine. >How-To-Repeat: Make New->Application->ISAPI Application project in Delphi. Setup default handler to return Request.Authorization. Place .htaccess file in directory with dll. This file must include such strings: AuthType Basic AuthName "restricted area" AuthUserFile "" Require user Options ExecCGI In httpd.conf AllowOverride in the root directory section must be All. Connect to server, try execute dll in restricted directory, type valid username and password in window. You'll see empty page. >Fix: >Release-Note: >Audit-Trail: From: "Infodrom media" To: Cc: Subject: Re: mod_isapi/8114: Date: Mon, 27 Aug 2001 15:02:51 +0400 My problem solved when i added SECURITY_HOLE_PASS_AUTHORIZATION define to the util_script.c module. I think that it may be useful to add such switch to the config file. Anyway, there is another problem with environment variables, ISAPI and Delphi. (Delphi loses the last character of the variable value). See my bug report #8242 about way to solve it. From: "Infodrom media" To: Cc: Subject: Re: mod_isapi/8114: Date: Mon, 27 Aug 2001 15:02:51 +0400 My problem solved when i added SECURITY_HOLE_PASS_AUTHORIZATION define to the util_script.c module. I think that it may be useful to add such switch to the config file. Anyway, there is another problem with environment variables, ISAPI and Delphi. (Delphi loses the last character of the variable value). See my bug report #8242 about way to solve it. State-Changed-From-To: open-closed State-Changed-By: wrowe State-Changed-When: Mon Sep 24 10:08:02 PDT 2001 State-Changed-Why: As the user points out, there is a compile flag to alter this very dangerous behavior when needed. Folks compiling win32 isapi's can likely build the server themselves with this flag set. It's STRONGLY discouraged, so the current behavior is correct. thanks for the report and interest in the Apache project (and your other report is still flagged to be fixed.) >Unformatted: [In order for any reply to be added to the PR database, you need] [to include in the Cc line and make sure the] [subject line starts with the report component and number, with ] [or without any 'Re:' prefixes (such as "general/1098:" or ] ["Re: general/1098:"). If the subject doesn't match this ] [pattern, your message will be misfiled and ignored. The ] ["apbugs" address is not added to the Cc line of messages from ] [the database automatically because of the potential for mail ] [loops. If you do not include this Cc, your reply may be ig- ] [nored unless you are responding to an explicit request from a ] [developer. Reply only with text; DO NOT SEND ATTACHMENTS! ]