After consideration, the basic authentication implementation has been
simplified to only support bcrypt entries in an htpasswd file. This greatly
increases the security of the implementation by reducing the possibility of
timing attacks and other problems trying to detect the password hash type.
Also, the htpasswd file is only parsed at startup, ensuring that the file can
be edited and not effect ongoing requests. Newly added passwords take effect on
restart. Subsequently, password hash entries are now stored in a map.
Test cases have been modified accordingly.
Signed-off-by: Stephen J Day <stephen.day@docker.com>
This change refactors the basic authentication implementation to better follow
Go coding standards. Many types are no longer exported. The parser is now a
separate function from the authentication code. The standard functions
(*http.Request).BasicAuth/SetBasicAuth are now used where appropriate.
Signed-off-by: Stephen J Day <stephen.day@docker.com>
This patch ensures no auth headers are set for v1 registries if there
was a 302 redirect.
This also ensures v2 does not use authTransport.
Signed-off-by: Tibor Vass <tibor@docker.com>
- commenting out both the "JSON" and "token" specs, unless someone thinks they should be here
- added help, glossary, introduction and authentication documents
Signed-off-by: Olivier Gambier <olivier@docker.com>
- adding glossary
- removing empty "advanced"
- commenting out building and architecture for now
- minor text enhancements
Signed-off-by: Olivier Gambier <olivier@docker.com>
Simplified index again, to make access to information more obvious and more direct.
Added a TLDR for people in a hurry.
Signed-off-by: Olivier Gambier <olivier@docker.com>
Use cases, generalities, image naming overview.
Removed most of it from index, and some of it from other random pages.
Signed-off-by: Olivier Gambier <olivier@docker.com>
This clarifies the importance of properly setting a Go build environment when
building targets. Typically, users seem to editorialize the checkout location,
either ignoring the first section or have limited experience with the Go
development environment. We clarify the checkout requirements and point to the
documentation on how to setup Go.
Signed-off-by: Stephen J Day <stephen.day@docker.com>
In the request parameters lists `tag` was used instead of
`reference` present in the HTTP requests paths
Signed-off-by: Vincent Giersch <vincent.giersch@ovh.net>
In the request parameters lists `tag` was used instead of
`reference` present in the HTTP requests paths
Signed-off-by: Vincent Giersch <vincent.giersch@ovh.net>
