[Solved] Why read data prior to authorization
Added by saraliu over 5 years ago
There is a issue that happened in our test.
We want to upload a file(40M) to our device,we using post method,we found the web server will read the request and file first,when file read over,then do authorization(mod_auth.c),Why read file prior to authorization check?Does this have some special reasons?
Could we read request header first and then do auth check,if auth successfully,let CGI to read the file data,but if auth failed, no need read file?
Thanks.
Replies (3)
RE: Why read data prior to authorization - Added by gstrauss over 5 years ago
Could we read request header first and then do auth check,if auth successfully,let CGI to read the file data,but if auth failed, no need read file?
Yes. That's how lighttpd works since lighttpd 1.4.40, released over 3 years ago. (commit 8f27ff8c)
Please realize that you are posting on lighttpd's official site and you should already know that the latest lighttpd release is lighttpd 1.4.53. (That's 14 releases of lighttpd including 1.4.40)
Sorry, we do not control whatever Linux distro you are using and whether or not it provides lighttpd updates.
RE: Why read data prior to authorization - Added by saraliu over 5 years ago
Thanks for your help,We don't update the lighttpd version in our code ,Now we still using the old version lighttpd 1.4.26,I will try to update the new version.
RE: Why read data prior to authorization - Added by gstrauss over 5 years ago
lighttpd 1.4.26 was released over 9 years ago. Please try not to waste people's time.