Loading ...
Sorry, an error occurred while loading the content.

Re: [rest-discuss] Hacking HTTP Authentication with mod_perl

Expand Messages
  • S. Mike Dierken
    This is very cool. HTTP authentication does not provide an easy way of logging out. This is actually a browser bug, however with no active development from
    Message 1 of 4 , Mar 31, 2004
    • 0 Attachment
      This is very cool.

      "HTTP authentication does not provide an easy way of logging out. This is
      actually a browser bug, however with no active development from microsoft on
      Internet Explorer, you can't really count on browsers very much. "
      Is this only a bug with IE? Do other browsers support easily logging out? If
      this is a browser bug, what part of the protocol is the browser not
      supporting correctly?

      Why is it that HTTP doesn't define request or response headers that allow
      application authors to control things that they obviously want to control?
      Like setting and clearing auth headers in order to avoid modifying URIs. I
      imagine a 'set auth header' response would do the trick - a login.html page
      would let a user enter username/password in a pretty page, then the request
      handler would check the validity and respond with a server-generated token
      for further auth. Maybe a new auth-type of 'server' in addition to 'basic'
      or something.

      Should we spin something up? Maybe take a crack at implementing it in
      Mozilla?

      ----- Original Message -----
      From: "Chris Croome" <chris@...>
      To: <rest-discuss@yahoogroups.com>
      Sent: Wednesday, March 31, 2004 3:02 AM
      Subject: [rest-discuss] Hacking HTTP Authentication with mod_perl


      > Hi
      >
      > There is an interesting document here:
      >
      > Hacking HTTP Authentication with mod_perl
      >
      > http://wiki.slugbug.org.uk/HTTP_Authentication
      >
      > Which basically explain how to set up logging in and out using HTTP
      > Authentication.
      >
      > The inability to log out and in again is often cited as the reason
      > for using cookie and form of authentication.
      >
      > Chris
      >
      > --
      > Chris Croome <chris@...>
      > web design http://www.webarchitects.co.uk/
      > web content management http://mkdoc.com/
      >
      >
      >
      >
      > Yahoo! Groups Links
      >
      >
      >
      >
      >
      >
    • Jon Hanna
      ... I played with doing similar things in ASP some time ago (the code, if it exists at all, is on a hard drive in the hands of the receiver handling the demise
      Message 2 of 4 , Apr 2, 2004
      • 0 Attachment
        > There is an interesting document here:
        >
        > Hacking HTTP Authentication with mod_perl
        >
        > http://wiki.slugbug.org.uk/HTTP_Authentication
        >
        > Which basically explain how to set up logging in and out using HTTP
        > Authentication.
        >
        > The inability to log out and in again is often cited as the reason
        > for using cookie and form of authentication.

        I played with doing similar things in ASP some time ago (the code, if it exists
        at all, is on a hard drive in the hands of the receiver handling the demise of
        my former employers, but if I ever get to see it again I'll share).

        I found that playing with the authentication this could cause issues with some
        tools (InterDev at least) that used authentication and expected the server to
        be handling it in the default manner.

        --
        Jon Hanna
        <http://www.hackcraft.net/>
        "…it has been truly said that hackers have even more words for
        equipment failures than Yiddish has for obnoxious people." - jargon.txt
      Your message has been successfully submitted and would be delivered to recipients shortly.