Mercurial > dovecot > original-hg > dovecot-1.2

diff doc/auth-protocol.txt @ 4682:bc071307fc2a HEAD

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Require that the "resp" parameter for AUTH command is the last.
author Timo Sirainen <tss@iki.fi>
date Sun, 15 Oct 2006 18:52:25 +0300
parents 0c11f0b05e19
children f24a1e1c8310
line wrap: on
line diff
--- a/doc/auth-protocol.txt	Sun Oct 15 18:42:58 2006 +0300
+++ b/doc/auth-protocol.txt	Sun Oct 15 18:52:25 2006 +0300
@@ -100,10 +100,14 @@
 
  - lip=<local ip>    : Local IP  - in standard string format,
  - rip=<remote ip>   : Remote IP - ie. for IPv4 127.0.0.1 and for IPv6 ::1
- - resp=<base64>     : Initial response for authentication mechanism
  - secured           : Remote user has secured transport to auth client
                        (eg. localhost, SSL, TLS)
  - valid-client-cert : Remote user has presented a valid SSL certificate.
+ - resp=<base64>     : Initial response for authentication mechanism.
+                       NOTE: This must be the last parameter. Everything
+		       after it is ignored. This is to avoid accidental
+		       security holes if user-given data is directly put to
+		       base64 string without filtering out tabs.
 
 FAIL parameters may contain "reason=.." parameter which should be sent to
 remote user instead of a standard "Authentication failed" message. For