Feature #3034
closed"valid-user" cannot be combined with other required rules in configuration option "auth.require".
Description
In "require" field of configuration option "auth.require", "require" => "valid-user" will authorize any authenticated user. However, this "require" value should not be combined with other require rules. In case of negligence, it is better to add some obvious notification in the document of https://redmine.lighttpd.net/projects/lighttpd/wiki/Docs_ModAuth.
Updated by gstrauss over 3 years ago
FYI: the account you used to post here can also be used to edit the wiki documentation. (Your edits may be further edited by others)
A note in the documention is unlikely to have any impact on user negligence, but may increase the noise level so that fewer people read the docs.
"You should perform positive and negative tests to confirm that your auth configuration properly protects your site in the ways that you expect."
Updated by gstrauss over 3 years ago
This statement in the documentation is direct and clear: "require" => "valid-user" will authorize any authenticated user
I don't see how additional words will make that any clearer.
Updated by gstrauss over 3 years ago
- Status changed from New to Invalid
- Priority changed from Normal to Low
- Target version deleted (
1.4.x)
Also available in: Atom