[Webkit-unassigned] [Bug 122952] New: [GTK] [WK2] Add NTLM authentication enabled API
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Thu Oct 17 02:10:20 PDT 2013
https://bugs.webkit.org/show_bug.cgi?id=122952
Summary: [GTK] [WK2] Add NTLM authentication enabled API
Product: WebKit
Version: 528+ (Nightly build)
Platform: Unspecified
OS/Version: Unspecified
Status: NEW
Severity: Normal
Priority: P2
Component: WebKit Gtk
AssignedTo: webkit-unassigned at lists.webkit.org
ReportedBy: brian.holt at samsung.com
According to libsoup API docs, NTLM authentication is not enabled by default and the if the user wants it, the feature should be added to the session explicitly. We are not doing that currently in WebKit, which means that NTLM authentication is not supported.
>From Dan Winship:
There are some arguments against enabling it by default; if you have the client-side samba stuff installed, and are logged into a Windows domain, then NTLM authentication can happen completely transparently (ie, no "authenticate" signal, no password dialog) using the cached credentials, and there are attacks against intranets that you could make using that functionality if you could hijack someone's http connection... so it's best to only have it get used when the app is explicitly expecting it to be used (as in evolution).
Instead we should expose an API in WebKit like
WEBKIT_API void
webkit_web_context_set_ntlm_authentication_enabled(WebKitWebContext *context,
gboolean enabled);
that sends a message to the WebProcess (or NetworkProcess), which in turn will add the feature to the soup session using
soup_session_add_feature_by_type (session, SOUP_TYPE_NTLM_AUTH);
--
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
More information about the webkit-unassigned
mailing list