An HTTP reverse proxy to bring authentication, authorization and accounting to RESTful applications
GNU Affero General Public License v3.0
FIX: Avoid forging of CouchDB proxy auth. #30
Closed
franck-eyraud closed 9 years ago
This gives protection for now.
Comment: if `forwardedLoginHeader` is not used, but upstream server is configured with proxy auth, then the server is still exposed. So I'd suggest a `protectedHeaders` list because we could also meet other cases, and/or use the salted token.
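
The `protectedHeaders` list and salted token suggested in the comment above, as an added example that is not the project's code. The function names, the `opts` shape and the sample values are assumptions; the header names and the hex HMAC-SHA1 token over the user name follow CouchDB's proxy authentication scheme.

```javascript
// Added example: hypothetical helper names, constructed sample values.
const crypto = require("crypto");

// Headers only the proxy may set; stripped even when no login is forwarded.
const protectedHeaders = [
  "X-Auth-CouchDB-UserName",
  "X-Auth-CouchDB-Roles",
  "X-Auth-CouchDB-Token",
];

// Remove every client-supplied header whose name matches the protected list.
// HTTP header names are case-insensitive, so compare lower-cased.
function stripProtected(incoming, names) {
  const blocked = new Set(names.filter(Boolean).map((n) => n.toLowerCase()));
  const clean = {};
  const dropped = [];
  for (const [name, value] of Object.entries(incoming)) {
    if (blocked.has(name.toLowerCase())) dropped.push(name);
    else clean[name] = value;
  }
  return { clean, dropped };
}

// CouchDB proxy-auth token: hex HMAC-SHA1 of the user name, keyed by the
// secret shared between proxy and CouchDB.
function couchToken(secret, username) {
  return crypto.createHmac("sha1", secret).update(username).digest("hex");
}

// Build the header set sent upstream. `user` is null when the proxy did not
// authenticate the request; stripping still happens in that case.
function buildUpstreamHeaders(incoming, user, opts) {
  const names = [...opts.protectedHeaders, opts.forwardedLoginHeader];
  const { clean, dropped } = stripProtected(incoming, names);
  if (user) {
    clean["X-Auth-CouchDB-UserName"] = user.name;
    clean["X-Auth-CouchDB-Roles"] = user.roles.join(",");
    if (opts.secret) {
      clean["X-Auth-CouchDB-Token"] = couchToken(opts.secret, user.name);
    }
  }
  return { headers: clean, dropped }; // log `dropped` to spot forging attempts
}
```

With a token secret configured on both sides, CouchDB rejects proxy-auth headers that arrive without a matching token, which covers requests that reach it without passing through the proxy.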