Hello,
I have noticed some problems with basic auth when using rutorrent under apache. For example if you go to rutorrent under Firefox and closes the user/pass basic auth dialog the UI will show, with no data from rtorrent, BUT it is possible to add torrents that will be passed to rtorrent, and if you have rss-plugin you could view your rss, add rss feeds, download torrents from rss feed and so on.
If you go to rutorrent under Chrome the auth dialog will show but the ui will load in the background showing no data from rtorrent but again, close the dialog and add torrents... Here is a print from Chrome:
http://i47.tinypic.com/1pi4k3.png
I don't know if this have been reported before or if it has been solved another way (diffrent auth settings in apache?), anyways seems like a big security risk.
FreeBSD 8.0
rtorrent 0.8.6
libtorrent 0.12.6
rutorrent 2.8
apache 2.2.14
Firefox 3.6 / IE 8.0 / Chrome 4.0.249.89
Apache auth:
Code: [Select]
SCGIMount /RPC2 127.0.0.1:5000
<Location /RPC2>
AuthName "Private"
AuthType Basic
AuthBasicProvider file
AuthUserFile /usr/local/etc/apache22/passwords
Require user beta
</Location>
Hope someone can help me find a solution for this
Thanks in advance!
I have noticed some problems with basic auth when using rutorrent under apache. For example if you go to rutorrent under Firefox and closes the user/pass basic auth dialog the UI will show, with no data from rtorrent, BUT it is possible to add torrents that will be passed to rtorrent, and if you have rss-plugin you could view your rss, add rss feeds, download torrents from rss feed and so on.
If you go to rutorrent under Chrome the auth dialog will show but the ui will load in the background showing no data from rtorrent but again, close the dialog and add torrents... Here is a print from Chrome:
http://i47.tinypic.com/1pi4k3.png
I don't know if this have been reported before or if it has been solved another way (diffrent auth settings in apache?), anyways seems like a big security risk.
FreeBSD 8.0
rtorrent 0.8.6
libtorrent 0.12.6
rutorrent 2.8
apache 2.2.14
Firefox 3.6 / IE 8.0 / Chrome 4.0.249.89
Apache auth:
Code: [Select]
SCGIMount /RPC2 127.0.0.1:5000
<Location /RPC2>
AuthName "Private"
AuthType Basic
AuthBasicProvider file
AuthUserFile /usr/local/etc/apache22/passwords
Require user beta
</Location>
Hope someone can help me find a solution for this
Thanks in advance!