-
Etna::Auth currently accepts cookies as a valid way to present your token. While Janus token cookies are marked with `secure: true` and `same-site: strict`, they are still vulnerable to CSRF attacks (…
graft updated
4 years ago
-
**Proposed change based on this bug report**
- Prisma requires connection string to be encoded if it includes special characters
- This can be achieved in entrypoint file in `web` package
**See t…
-
# TL;DR
Having support for HashedControlPassword authentication to the tor control port would be useful. The `MESSAGING:onion` section could have a new `tor_control_password` setting and use that i…
-
```
It might be desired to create a cleaner auth_info structure in session, which
stores login_type along with other information. This information should
therefore be managed by YumWebUser.
Storing…
-
- list dogears in a menu and go directly to 'em.
- update and create dogears more comfortably.
- maybe later: auto-update reading mode. (outside scope of this ticket.)
Since it wants to list, i…
-
```
What steps will reproduce the problem?
1. Use the example usage in HTTPNtlmAuthHandler.py, modify url, user, and
password as needed. url points to a asp session based server
2. modify the code to …
-
```
It might be desired to create a cleaner auth_info structure in session, which
stores login_type along with other information. This information should
therefore be managed by YumWebUser.
Storing…
-
Atlassian has deprecated the ability to use plaintext passwords with basic auth. You need to update the tool to use basic authentication with an API token, OAuth, or Atlassian Connect:
https://deve…
-
We should be able to implement a fairly simple cookie-based auth mechanism for the index page:
1. if index page loads without cookie, redirect to login page
2. login page posts to api for authN, if us…
-
With MRBS up to 1.8.0 I could set the bookers' email address in the file auth/auth_none.inc for my remote_user session (we use a cookie based system called "idcheck"). The users' email is accessible u…