[reSIProcate] What to do about missing auth tags?
bcampen
bcampen at estacado.net
Thu Sep 29 10:12:36 CDT 2005
Jason Fischl wrote:
>On 9/28/05, bcampen <bcampen at estacado.net> wrote:
>
>
>> When Auth.cxx can't find an auth tag, it throws an exception, which
>>the various authentication functions in Helper.cxx do not catch (in
>>fact, this exception will make it all the way back up to DumThread
>>before it is caught.) I want to fix this, although I want to hear back
>>about whether this should be caught in Helper, or higher up in
>>ServerAuthManager::handle(msg). I think sending a 400 if something goes
>>wrong in handle() is a bit presumptuous, so it looks like it would be
>>more correct to catch the problem in Helper, and return BadlyFormed.
>>Maybe we should also put a try block around handle() that will send a
>>500 response if some unknown thing goes wrong. Anyone have an opinion on
>>this?
>>
>>
>>
>
>The user of Auth needs to check if the auth tag exists before trying
>to access it. This way no exception will ever get thrown.
>
>
Okay, so I should be putting the check in Helper (it doesn't check
for cnonce, nc, or uri before trying to use them.)
Regards,
Byron Campen
More information about the resiprocate-devel
mailing list