distribution/registry/auth
Stephen J Day ffd3662982 Harden basic auth implementation
After consideration, the basic authentication implementation has been
simplified to only support bcrypt entries in an htpasswd file. This greatly
increases the security of the implementation by reducing the possibility of
timing attacks and other problems trying to detect the password hash type.

Also, the htpasswd file is only parsed at startup, ensuring that the file can
be edited and not effect ongoing requests. Newly added passwords take effect on
restart. Subsequently, password hash entries are now stored in a map.

Test cases have been modified accordingly.

Signed-off-by: Stephen J Day <stephen.day@docker.com>
2015-06-10 19:38:56 -07:00
..
basic Harden basic auth implementation 2015-06-10 19:38:56 -07:00
silly Add auth.user.name to logging context 2015-04-15 10:34:24 -07:00
token fix some typos in source comments 2015-04-17 12:39:52 +00:00
auth.go fix some typos in source comments 2015-04-17 12:39:52 +00:00