[LON-CAPA] / loncom / auth
Keyword substitution: kv
Default branch: MAIN
Current tag: conference_2003
This took way longer than it should have. lonracc and lontokacc will now be accepting when one of two conditions is met:

* The double-reverse lookup, according to $r->get_remote_host(REMOTE_DOUBLE_REV), is successful. This is identical to before.
* The claimed host is the same as the current server, which works even with wonky /etc/hosts files.

I was initially worried this might be a potential security problem, but I do not believe it is. The reason is that this clause ONLY comes into effect when you're trying to spoof yourself as the server you are talking to. Even if you succeed, the server will then proceed to send itself a subscription request, which is not a big deal, PLUS the reason this is occurring in the first place is that the name maps back to 127.0.0.1, SO this request will go through the local interface anyhow, meaning Mr. Remote Attacker can't even see the subscription request that wouldn't help him anyhow. So in the end, all this does is hypothetically allow an attacker to cause a server machine to subscribe itself to resources it hosts. This does not give the hypothetical attacker any benefit. Thus, this is not a security hole.
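The two-condition acceptance rule described in the commit, together with the double-reverse lookup it extends, as an added stand-alone Perl example. This is not LON-CAPA's own lonracc/lontokacc code: the function names, the resolver callbacks and the host tables are constructed here so the logic runs offline, and "claimed host" is taken to mean the hostname the peer presents. The real handlers obtain the double-reverse name from $r->get_remote_host(REMOTE_DOUBLE_REV) under mod_perl, which this example does not call.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Double-reverse lookup (the check the handlers relied on before this
# commit): map the peer's IP to a name, map that name back to addresses,
# and trust the name only if the original IP is among them.  $reverse and
# $forward are resolver callbacks (assumption for offline use); a real
# deployment would back them with Socket::getnameinfo/getaddrinfo.
sub double_reverse_host {
    my ($ip, $reverse, $forward) = @_;
    my $name = $reverse->($ip);
    return undef unless defined $name;
    my @addrs = $forward->($name);
    return (grep { $_ eq $ip } @addrs) ? $name : undef;
}

# Accept rule as described in the commit message:
#   1. the double-reverse lookup succeeds and names the claimed host, or
#   2. the claimed host is this server itself.
# Returns (accepted, reason).
sub accept_peer {
    my (%p) = @_;
    my $verified = double_reverse_host($p{ip}, $p{reverse}, $p{forward});
    if (defined $verified && lc($verified) eq lc($p{claimed})) {
        return (1, 'double-reverse lookup confirms claimed host');
    }
    if (lc($p{claimed}) eq lc($p{local})) {
        return (1, 'claimed host is this server');
    }
    return (0, 'rejected');
}

# --- constructed resolver tables (stand-ins for DNS and /etc/hosts) ---
# The "wonky /etc/hosts" case: this server's own name maps to 127.0.0.1
# rather than its real address, so a double-reverse lookup for it can
# never succeed and only condition 2 lets it talk to itself.
my %ptr = (
    '10.0.0.5' => 'lib1.example.edu',
    '10.0.0.7' => 'lib2.example.edu',
    '10.0.0.9' => 'lib2.example.edu',   # PTR record that forward DNS does not confirm
);
my %fwd = (
    'lib1.example.edu' => ['127.0.0.1'],
    'lib2.example.edu' => ['10.0.0.7'],
);
my $reverse = sub { $ptr{ $_[0] } };
my $forward = sub { @{ $fwd{ $_[0] } || [] } };

my $local = 'lib1.example.edu';   # this server's own name
for my $case (
    [ '10.0.0.7', 'lib2.example.edu' ],   # genuine peer: condition 1
    [ '10.0.0.5', 'lib1.example.edu' ],   # server reaching itself: condition 2
    [ '10.0.0.9', 'lib2.example.edu' ],   # PTR and forward disagree: rejected
    [ '10.0.0.9', 'lib1.example.edu' ],   # claims to be this server: accepted,
                                          # the only effect is a self-subscription
) {
    my ($ip, $claimed) = @$case;
    my ($ok, $why) = accept_peer(
        ip => $ip, claimed => $claimed, local => $local,
        reverse => $reverse, forward => $forward,
    );
    printf "%-9s claims %-17s -> %s (%s)\n",
        $ip, $claimed, $ok ? 'accept' : 'reject', $why;
}
```

The fourth case is the one the commit message argues about: a peer that presents this server's own name is accepted without a successful double-reverse lookup, and the worst that follows is the server subscribing itself to resources it already hosts. The third case shows why the double-reverse step still matters for every other name: a PTR record alone, without a forward record pointing back at the same address, is not enough.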