W3C home > Mailing lists > Public > ietf-http-wg-old@w3.org > September to December 1997

Re: Basic Authentication behavior

From: Foteos Macrides <MACRIDES@sci.wfbr.edu>
Date: Mon, 08 Sep 1997 15:21:55 -0500 (EST)
To: luotonen@netscape.com
Cc: http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com
Message-Id: <01INEKFH4WIA000DWQ@SCI.WFBR.EDU>
Ari Luotonen <luotonen@netscape.com> wrote:
>Regarding "heuristics" and "guessing" with authentication.
>
>I believe I wrote the original proposal and spec for basic auth used
>in HTTP.  I would like to make the point that the intention was that
>HTTP basic authentication be hierarchical, and that the rules not be
>heuristics, but simply the way it is defined.  If the request for:
>
>	http://.../foo/bar
>
>requires authentication, then the U-A will assume that all documents
>starting with the prefix:
>
>	http://.../foo/
>
>will require it.  It applies to the entire subtree, e.g:
>
>	http://.../foo/baz/xyzzy/hello/world
>
>Similarly, any document in the server's root directory:
>
>	http://.../foo
>
>requiring authentication will imply that the whole server is
>password-protected, including the index file and any files and
>subdirectories:
>
>	http://.../
>	http://.../bar

	Is it also the case that proxy authentication, originally
implemented by the Netscape server, has a "template" of "*", i.e.,
that the same encoded username and password, once establish for a
first request, should be used for all subsequent requests via that
proxy?

				Fote

=========================================================================
 Foteos Macrides            Worcester Foundation for Biomedical Research
 MACRIDES@SCI.WFBR.EDU         222 Maple Avenue, Shrewsbury, MA 01545
=========================================================================
Received on Monday, 8 September 1997 12:26:10 EDT

This archive was generated by hypermail pre-2.1.9 : Wednesday, 24 September 2003 06:33:00 EDT