
Opened 16 years ago

Closed 16 years ago

Last modified 16 years ago

#7664 closed enhancement (fixed)

[PATCH] Disable check_auth_ip by default

Reported by: pjdelport@…
Owned by: Remy Blank
Priority: normal
Milestone: 0.11.2
Component: general
Version:
Severity: normal
Keywords:
Cc:
Branch:
Release Notes:
API Changes:
Internal Changes:

Description

The check_auth_ip option (currently enabled by default) breaks a large number of legitimate network configurations. I am from South Africa, for example, which uses a national caching HTTP proxy layer with no single client IP address, so most people in the country cannot log into a Trac instance that leaves this option at its default (i.e., most of them). Caching proxies everywhere are similarly affected, as well as multi-homing setups, NAT routers, and everything else that invalidates the presumption that a user agent corresponds to an IP address.

That said, there are specific deployments where this option can be usefully turned on, but the administrator will know when it is safe to turn on: for the general internet, I don't think Trac should default to breaking valid clients.

The attached patch changes the default value for check_auth_ip to false, and adjusts the unit test accordingly.

Attachments (1)

check_auth_ip-nodefault.patch (1.1 KB) - added by Piet Delport <pjdelport@…> 16 years ago.
Change the check_auth_ip option's default value from true to false.


Change History (5)

comment:1 by Remy Blank, 16 years ago

Milestone: 0.11.3
Owner: set to Remy Blank

(The patch is missing, but I guess it's pretty obvious what it should look like.)

I'm not sure about this. Is check_auth_ip = false a security issue? The option was introduced in [1361] to allow disabling the IP check, see #507.

by Piet Delport <pjdelport@…>, 16 years ago

Change the check_auth_ip option's default value from true to false.

comment:2 (in reply to comment:1) by Piet Delport <pjdelport@…>, 16 years ago

(The patch is missing, but I guess it's pretty obvious what it should look like.)

Sorry, I must have botched the attachment during submission. Patch now attached. :)

I'm not sure about this. Is check_auth_ip = false a security issue? The option was introduced in [1361] to allow disabling the IP check, see #507.

Any security provided by this check is largely false: the same thing that makes it break valid clients also makes it miss actual attackers. There is not a one-to-one correspondence between HTTP user agents and IP addresses.

This check could conceivably be useful for specialized Trac installations with controlled client bases (for example, corporate settings), but it should be explicitly enabled: for general, Internet-facing contexts, it is a Really Bad Idea, and should never be done.
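The failure mode argued in the comment above, as an added example that is not Trac's own code: a toy cookie store that can bind a login to the client address, the way check_auth_ip does, run against a constructed proxy layer whose exit address changes between requests. Cookie values and the 192.0.2.x addresses are constructed.

```python
"""Toy model of an auth cookie check that optionally binds the login to the
client IP, in the spirit of Trac's check_auth_ip. Added example, not Trac code."""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple


@dataclass
class AuthCookieStore:
    """Maps cookie values to (user, IP address seen at login)."""
    check_auth_ip: bool
    cookies: Dict[str, Tuple[str, str]] = field(default_factory=dict)

    def login(self, cookie: str, user: str, remote_addr: str) -> None:
        self.cookies[cookie] = (user, remote_addr)

    def authenticate(self, cookie: str, remote_addr: str) -> Optional[str]:
        """Return the user for an accepted cookie, or None when it is rejected."""
        entry = self.cookies.get(cookie)
        if entry is None:
            return None
        user, login_addr = entry
        # With the check on, the cookie is only honoured from the login address.
        if self.check_auth_ip and remote_addr != login_addr:
            return None
        return user


# Constructed exit addresses of a caching proxy layer that routes one user's
# successive requests through different outbound addresses (the ticket's case).
PROXY_EXITS = ["192.0.2.10", "192.0.2.11", "192.0.2.12"]


def legit_user_outcomes(check_auth_ip: bool) -> List[bool]:
    """True for each request on which the legitimate user is still logged in."""
    store = AuthCookieStore(check_auth_ip)
    store.login("cookie-alice", "alice", PROXY_EXITS[0])
    return [store.authenticate("cookie-alice", ip) == "alice" for ip in PROXY_EXITS]


def shared_exit_is_indistinguishable(check_auth_ip: bool) -> bool:
    """Any client behind the same exit address that presents the cookie passes:
    the check binds to an address, not to the user agent behind it."""
    store = AuthCookieStore(check_auth_ip)
    store.login("cookie-alice", "alice", PROXY_EXITS[0])
    return store.authenticate("cookie-alice", PROXY_EXITS[0]) == "alice"


if __name__ == "__main__":
    print("check_auth_ip=true :", legit_user_outcomes(True))   # [True, False, False]
    print("check_auth_ip=false:", legit_user_outcomes(False))  # [True, True, True]
    print("same exit address passes:", shared_exit_is_indistinguishable(True))
```

Deployments with a stable, controlled client base are the only ones where the rejected requests in the first line are genuine anomalies rather than the proxy layer doing its job.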

comment:3 by Remy Blank, 16 years ago

Milestone: 0.11.3 → 0.11.2
Resolution: fixed
Status: new → closed

Patch applied in [7613]. Thanks!

comment:4 (in reply to comment:3) by Piet Delport <pjdelport@…>, 16 years ago

Cool, thanks!
