summaryrefslogtreecommitdiff
path: root/wsgitools
AgeCommit message (Collapse)Author
2011-01-12improved AuthDigestMiddleware doc stringHelmut Grohne
2011-01-12scgi.asynchronous catches more errors nowHelmut Grohne
This addresses a disputed denial of service condition described in http://bugs.python.org/issue6706. Note that wsgitools is not hit as hard as pyftplib.
2011-01-12bug fix for StaticContent and CachingMiddlewareHelmut Grohne
PEP333 says that the headers list passed to start_response may be modified by servers or middlewares. In fact this happens in DigestAuthMiddleware. The StaticContent and CachingMiddleware classes did not take this into account and returned the same headers list multiple times which is wrong and can lead to denial of service.
2010-09-04added note about ContentLengthMiddleware's wsgi conformanceHelmut Grohne
2010-09-04CachingMiddleware: automatic cache pruning implementedHelmut Grohne
2010-09-04middlewares.CachingMiddleware: include request method in keyHelmut Grohne
2010-09-02improved digest documentationHelmut Grohne
2010-08-31bugfix: io module from py2.6 provides incompatible StringIOHelmut Grohne
2010-06-04flush log file in RequestLogWSGIFilter by defaultHelmut Grohne
2010-05-29security fix: filters.RequestLogWSGIFilter must escape stringsHelmut Grohne
2010-05-25bugfix: endless loop for closed connection in scgi.forkpoolHelmut Grohne
2010-01-31fix shared default argument to parse_digest_responseHelmut Grohne
2009-10-25observed SocketFileWrapper bug fixedHelmut Grohne
2009-10-25more SocketFileWrapper (forkpool) bugsHelmut Grohne
2009-10-25SocketFileWrapper from forkpool contained more bugsHelmut Grohne
2009-10-25socket.socket.recv requires a parameterHelmut Grohne
2009-10-25extended application.StaticContentHelmut Grohne
It gained the capability to server content to unknown methods. For a backwards-compatible API this has to be enabled by an optional boolean.
2009-08-25added enable_sighandler for scgi.forkpoolHelmut Grohne
2009-07-04two new digest doctestsHelmut Grohne
2009-07-04more docstring/epydoc improvementsHelmut Grohne
2009-06-24fixed an epydoc comment in digestHelmut Grohne
2009-06-24added doctest for DBAPI2NonceStoreHelmut Grohne
2009-06-24added dbapi2 (sql) backed noncestore! yeah :-)Helmut Grohne
2009-06-24except ImportError in filters on importsHelmut Grohne
2009-06-24documented potential overflow in digestHelmut Grohne
2009-06-24auth_response should not return ValueError in digestHelmut Grohne
2009-06-24fixed RequestLogMiddleware to work at allHelmut Grohne
2009-06-23made RequestLogWSGIFilter define attrs in __init__Helmut Grohne
2009-03-29improve digest module (killed isnonce method)Helmut Grohne
Prior to this change the digest module would check whether a nonce looks like a nonce, verify the response and then verify the nonce. This left a bit more room for brute forcing passwords, as the same nonce could be used in arbitrary many tries and a stale response would indicate an authentication success. Now authentication is only tried for valid nonces. This also makes the NonceStoreBase.isnonce method superfluous.
2009-03-29get rid of old builtin longHelmut Grohne
Even Py2.4 can handle large parameters to int, so long is not needed.
2009-03-29quite some changes for py3Helmut Grohne
These changes introduce some compatibility code. They don't make wsgitools usable with Python 3.0, but they also don't break compatibility with Python 2.5.
2009-03-29make digest.gen_rand_str forward compatible (py3)Helmut Grohne
2009-02-27except binascii.Error instead of Exception in middlewaresHelmut Grohne
2009-02-27extract common code to gen_rand_str in digestHelmut Grohne
2009-02-27added more doctests for digest moduleHelmut Grohne
2009-02-27fixed bug in digest.MemoryNonceStore.checknonceHelmut Grohne
2009-02-26made scgi.forkpool wsgi compliant in handling exc_infoHelmut Grohne
2009-02-01wsgi compliance: scgi.asynchronous no longer holds dataHelmut Grohne
2009-02-01added config parameter (for environ) to scgi.forkpoolHelmut Grohne
2009-02-01added config parameter (for environ) to scgi.asynchronousHelmut Grohne
2009-01-31GzipWSGIFilter removes Content-length header if compressingHelmut Grohne
2009-01-31StaticFile uses wsgi.file_wrapper from environ if possibleHelmut Grohne
2008-10-14added some kind of main documentationHelmut Grohne
2008-10-14update docstring: DigestAuth now partly works with forkpoolHelmut Grohne
2008-10-14small digest cleanupHelmut Grohne
2008-10-14extended digest.NonceStoreBase interfaceHelmut Grohne
The methods now take an optional last parameter called ident. It can be used to bind nonces to specific uses within one NonceStore.
2008-10-14added epydoc markup to doc stringsHelmut Grohne
2008-09-24RequestLogWSGIFilter can also log QUERY_STRINGHelmut Grohne
2008-09-22improve commentsHelmut Grohne
2008-09-22make limits in scgi.asynchronous configurableHelmut Grohne