distribution/registry
Stephen J Day ffd3662982 Harden basic auth implementation
After consideration, the basic authentication implementation has been
simplified to only support bcrypt entries in an htpasswd file. This greatly
increases the security of the implementation by reducing the possibility of
timing attacks and other problems trying to detect the password hash type.

Also, the htpasswd file is only parsed at startup, ensuring that the file can
be edited and not effect ongoing requests. Newly added passwords take effect on
restart. Subsequently, password hash entries are now stored in a map.

Test cases have been modified accordingly.

Signed-off-by: Stephen J Day <stephen.day@docker.com>
2015-06-10 19:38:56 -07:00
..
api/v2 Merge pull request #599 from stevvooe/clarify-deletion-by-digest-constraint 2015-06-08 19:04:53 -07:00
auth Harden basic auth implementation 2015-06-10 19:38:56 -07:00
client Merge pull request #556 from stevvooe/remove-uuid-dependency 2015-05-26 10:39:35 -07:00
handlers Harden basic auth implementation 2015-06-10 19:38:56 -07:00
listener [Server] Listen and serve on a unix socket 2015-05-11 16:00:14 +03:00
middleware Rename top level registry interface to namespace 2015-04-09 19:21:33 -07:00
storage Fix rados build, remove uuid dependency 2015-06-01 09:57:40 +00:00
doc.go Integrate layer info cache with registry and storage 2015-04-02 20:15:16 -07:00