- From: Ari Luotonen <luotonen@netscape.com>
- Date: Mon, 8 Sep 1997 10:58:30 -0700 (PDT)
- To: http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com
Regarding "heuristics" and "guessing" with authentication.

I believe I wrote the original proposal and spec for basic auth used in HTTP. I would like to make the point that the intention was that HTTP basic authentication be hierarchical, and that the rules not be heuristics, but simply the way it is defined.

If the request for:

    http://.../foo/bar

requires authentication, then the U-A will assume that all documents starting with the prefix:

    http://.../foo/

will require it. It applies to the entire subtree, e.g.:

    http://.../foo/baz/xyzzy/hello/world

Similarly, any document in the server's root directory:

    http://.../foo

requiring authentication will imply that the whole server is password-protected, including the index file and any files and subdirectories:

    http://.../
    http://.../bar

Cheers,
--
Ari Luotonen, Mail-Stop MV-061       Opinions my own, not Netscape's.
Netscape Communications Corp.        ari@netscape.com
501 East Middlefield Road            http://people.netscape.com/ari/
Mountain View, CA 94043, USA         Netscape Proxy Server Development
Received on Monday, 8 September 1997 11:02:18 UTC
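The prefix rule described in the message above, as an added example that is not part of the original e-mail or of any browser's code. It shows how a user agent could decide whether a URL falls inside the subtree implied by a challenged URL, matching only on the same scheme, host and port and on whole path segments. The host `example.test` and all function names are constructed for illustration.

```python
from urllib.parse import urlsplit
import posixpath

DEFAULT_PORTS = {"http": 80, "https": 443}


def origin_of(parts):
    """(scheme, host, port) with the default port filled in."""
    scheme = parts.scheme.lower()
    host = (parts.hostname or "").lower()
    return (scheme, host, parts.port or DEFAULT_PORTS.get(scheme))


def clean_path(path):
    """Resolve "." and ".." so /foo/../secret is not seen as under /foo/.

    Percent-encoded dot segments are not decoded here.
    """
    path = path or "/"
    norm = posixpath.normpath(path)
    if path.endswith("/") and norm != "/":
        norm += "/"  # normpath drops the trailing slash; keep directory URLs as such
    return norm


def protected_prefix(challenged_url):
    """Origin and directory prefix implied by a URL that required authentication."""
    parts = urlsplit(challenged_url)
    path = clean_path(parts.path)
    # Everything up to and including the last "/" : /foo/bar -> /foo/, /foo -> /
    return origin_of(parts), path[: path.rfind("/") + 1]


def in_protected_subtree(challenged_url, candidate_url):
    """True if candidate_url lies in the subtree implied by challenged_url."""
    origin, prefix = protected_prefix(challenged_url)
    cand = urlsplit(candidate_url)
    # The prefix always ends in "/", so /foobar never matches /foo/.
    return origin_of(cand) == origin and clean_path(cand.path).startswith(prefix)


if __name__ == "__main__":
    base = "http://example.test/foo/bar"  # constructed sample URL
    for url in ("http://example.test/foo/baz/xyzzy/hello/world",
                "http://example.test/foobar",
                "http://example.test/foo/../secret",
                "http://example.test:8080/foo/x"):
        print(url, in_protected_subtree(base, url))
```
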