OpenACS / openacs-4 / packages / acs-tcl / tcl

security-procs.tcl

Tools

Line History

Line Count Graph
Line Count Graph

Stats

Commits this week: 3
Total Committers: 22
Last Commit: 14:28
Commits this week: 3
Total Lines of Code (LoC): 2,822
Net change in LoC this week: 0

Commit Activity

Commits By Day In Week
52 week commits volume
Commits By Day In Week
Commits by day
Commits By Day In Week
Commits by hour
Commits By Hour In Day
Commit calendar
 

Most active committers (90 days)

loading
loading
  • last updated 7 hours ago
Constraints
Constraints: committers
 
Constraints: files
Constraints: dates
Tuesday 09 Sep 2014
10:31 am

gustafn

- change spelling of TCL to Tcl

- change requirements to Tcl 8.5

Options
    • -3
    • +3
    ./security-procs.tcl
  2. … 64 more files in changeset.
Tuesday 26 Aug 2014
3:25 pm

gustafn

- only variables in a non-top namespace survive session cleanup. The logic of the old code assumed that global variables survive the request-cleanup. now, the cached values is kept in the ::acs::* namespace

Options
    • -7
    • +7
    ./security-procs.tcl
Wednesday 30 Jul 2014
1:22 pm

gustafn

- undo previous secure-cookie change since it interacts badly in situations where "RestrictLoginToSSLP" is "1" and https is available: In such cases, e.g. the login page is redirected from a http (insecure) url to an https (secure) page. But when later continuing on the http connection, the user appears to be not logged in, since a well-behaved browser does not send the "secure" login coockie over the insecure connection.

Options
    • -3
    • +3
    ./security-procs.tcl
12:37 pm

gustafn

- white space changes: replace tabs by spaces

Options
    • -233
    • +250
    ./security-procs.tcl
12:12 pm

gustafn

- replace "global" statement by variables with namespace paths

Options
    • -15
    • +11
    ./security-procs.tcl
12:08 pm

gustafn

- move deprecated procs to file with deprecated functions

Options
    • -81
    • +3
    ./security-procs.tcl
  2. … 1 more file in changeset.
11:41 am

gustafn

- setting login-cookie to "secure" when set over secure connection

Options
    • -4
    • +4
    ./security-procs.tcl
11:24 am

gustafn

- just set secure flag for secure connections

Options
    • -4
    • +4
    ./security-procs.tcl
12:54 am

gustafn

- use signed cookie for session_id

Options
    • -2
    • +2
    ./security-procs.tcl
Saturday 26 Jul 2014
1:33 am

gustafn

- renew the session_id after privilege level change from unidentified to identified user

Options
    • -1
    • +7
    ./security-procs.tcl
Friday 14 Feb 2014
8:38 pm

gustafn

- fix typo

Options
    • -2
    • +2
    ./security-procs.tcl
Thursday 10 Oct 2013
10:44 pm

gustafn

- brace while expressions

- don't use expr within while expression

- use numeric comparison for truth values

- normalize string expressions

Options
    • -10
    • +10
    ./security-procs.tcl
  2. … 9 more files in changeset.
9:35 pm

gustafn

- use per-thread caching for security::driver and ad_server_modules

Options
    • -6
    • +14
    ./security-procs.tcl
2:06 pm

gustafn

- new functions security::driver and ad_server_modules to simplify

redundant logic for determining secure drivers

Options
    • -32
    • +47
    ./security-procs.tcl
Tuesday 08 Oct 2013
12:13 pm

gustafn

- remove default value from ns_config, otherwise the function determines 443 also for non-configured ssl

Options
    • -2
    • +2
    ./security-procs.tcl
12:02 pm

gustafn

- fix uninitialized variable

Options
    • -4
    • +5
    ./security-procs.tcl
11:55 am

gustafn

- try to simplify logic to determine drivers

- dropped nsunix

- use string ops instead of regexp

Options
    • -72
    • +59
    ./security-procs.tcl
Sunday 29 Sep 2013
4:55 pm

gustafn

- modernize tcl

Options
    • -3
    • +3
    ./security-procs.tcl
  2. … 9 more files in changeset.
Saturday 07 Sep 2013
10:37 am

gustafn

- replace deprecated "ad_get_user_id" by "ad_conn user_id"

Options
    • -2
    • +2
    ./security-procs.tcl
  2. … 8 more files in changeset.
Friday 16 Aug 2013
8:57 pm

gustafn

- reduce hard-coded config-section names in code

Options
    • -9
    • +38
    ./security-procs.tcl
Monday 08 Apr 2013
5:50 pm

gustafn

Performance improvements for rp_filter and parameter:

- improve performance of rp_filter (which is run on every

non-resources request) significantly (often a factor of 2)

- improve scalability by reducing number of required mutex locks

(e.g. for secret token handling)

Options
    • -52
    • +68
    ./security-procs.tcl
  2. … 8 more files in changeset.
Friday 29 Mar 2013
5:30 pm

gustafn

- store secret tokens as described in the comment per thread (previously it did not)

- use tcl 8.5 language construct to shorten code

Options
    • -34
    • +12
    ./security-procs.tcl
Tuesday 19 Apr 2011
2:08 am

daveb

Fixed to handler cookies from previous version correctly. Add back in inf max_age for session cookie when Remember Me is checked so it passes the expiration test.

Options
    • -4
    • +11
    ./security-procs.tcl
Monday 18 Apr 2011
11:25 pm

daveb

Put the strict check in the wrong place.

Options
    • -3
    • +8
    ./security-procs.tcl
10:57 pm

daveb

use -strict when checking for integer as empty string returns true without it

Options
    • -2
    • +2
    ./security-procs.tcl
7:48 pm

daveb

Fix so if the session renew time is NOT included in the cookie (ie: cookies created before this fix) will be renewed

Options
    • -3
    • +2
    ./security-procs.tcl
5:03 pm

daveb

Include last session renew time in ad_session_id cookie so we can compare expiration independent of validity

Options
    • -17
    • +12
    ./security-procs.tcl
2:24 am

daveb

Don't discard session cookie if its expired, go to login handler.

Options
    • -13
    • +20
    ./security-procs.tcl
Friday 15 Apr 2011
5:16 pm

daveb

Added fix to make session_id cookie persistent if you checked remember me

Options
    • -6
    • +8
    ./security-procs.tcl
Thursday 24 Feb 2011
10:42 am

victorg

Typo on proc docu.

Options
    • -3
    • +3
    ./security-procs.tcl