Hacking to enable HTTP auth with PHP-CGI + Apache suExec.

[filipesaraiva]

The hacking was proposed by Matthias Blaicher (http://ur1.ca/jfz9v) to access
owncloud in Webfaction servers. More informations in Webfaction community
support http://ur1.ca/jg37x.

[filipesaraiva]

This pull request is related to issue #10318.

[ghost]

Thanks a lot for your contribution! Contributions to the core repo require a signed contributors agreement http://owncloud.org/contribute/agreement/ Alternatively you can add a comment here stating that this contribution is MIT licensed. Some more details about out pull request workflow can be found here: http://owncloud.org/code-reviews-on-github/

[scrutinizer-notifier]

The inspection completed: 7 new issues, 1 updated code elements

[LukasReschke]

I'm honestly against doing some magical hacks that involves parsing all Authorization GET parameters globally in base.php

[LukasReschke]

That hack should get implemented as own application instead of some magical base.php hack that might very likely lead to problems in other environments.

You should create a new application and add that hack to it's app.php – from my PoV this is nothing that belongs in core.

[mabl]

Hi,
I'm the guy who wrote the original blog post.

While I think the solution is safe from a security point of view, it's rather invasive for all other deployments which is why I never pursuited to push it upstream.

@LukasReschke Could this actually be done in applications? It would have to modify the way authentication work and also change .htaccess. Without ever having looked into Owncloud apps, I would not have expected them to be that invasive.

Regarding licences: Since most of the solution was already circulating around previously on the net I'd consider it MIT or WTFPL.

Best,
Matthias

[filipesaraiva]

Hello, I just created the merge request after the request from @DeepDiver1975. Well, is it possible to do it as an app? If yes, please send me some information about app development to owncloud and I will try to do it. Really, I would like stop to apply this patch to each update of my owncloud instance. =) Thanks.

[LukasReschke]

Let me reply to that later… – It's definitely possible to do that as app.

[MorrisJobke]

ping

[ghost]

Can one of the admins verify this patch?

[MorrisJobke]

Let me reply to that later… – It's definitely possible to do that as app.

@LukasReschke Yes?

[simonv3]

👍 Would love some ideas on how to do this in an app. We could include that here: #10318

[DeepDiver1975]

@LukasReschke will come up with an app to handle this ...

[filipesaraiva]

Thanks, but please could you ping this bugreport when the app be released?
Cheers!

[filipesaraiva]

Any news about the app to fix it?
Let me know if I can help with something.

[lock]

This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.