Uploaded image for project: 'HPCC'
  1. HPCC
  2. HPCC-21535

Improper handling of Basic Authorization token

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 7.0.x
    • Component/s: ESP
    • Labels:
      None

      Description

      CHttpClient::sendRequest incorrectly assembles the Basic Authorization header value. It Base64 encodes the user credentials, explicitly telling the encoder to exclude newlines. It then unconditionally removes the last character of the encoded string, assuming it to be a newline.

      This doesn't appear to adversely affect the ESP's ability to directly call roxie services, but yields a 401 HTTP result if the configured URL is for a WsEcl connection.

        Attachments

          Activity

            People

            • Assignee:
              klemti01 Tim Klemm
              Reporter:
              klemti01 Tim Klemm
            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: