W3C home > Mailing lists > Public > public-qa-dev@w3.org > January 2003

Re: [checklink] HTTP basic authentication

From: Olivier Thereaux <ot@w3.org>
Date: Fri, 24 Jan 2003 10:20:41 +0900
To: public-qa-dev@w3.org
Message-Id: <0DF6864F-2F3A-11D7-8330-000393BAB03A@w3.org>

Ville,

On Friday, Jan 24, 2003, at 05:30 Asia/Tokyo, Ville Skyttä wrote:
> Sanity checking myself, how does this sound to you:
>
> 1) The default is the hostname (or domain) of the first encountered
>    resource requiring basic authentication.  Hostname or domain?

Hostname is the safe side. As a user, I'd be happy if it were the 
domain, but... On the other hand, a few agents I know try what they 
have in their keychain for the domain when prompted for auth. This is a 
point worth discussing on w-v, maybe.


> 2) We can't ask this multiple times in the online version.  Actually, 
> we
>    can only ask it before any output has been sent, which means that it
>    is supported only for resources in the same domain|hostname as the
>    initial URI.

Sounds good.

> 3) The command line version could ask it multiple times whenever
>    needed, unless a "trusted domain" was given in the command line.
>    If it was, only forward the credentials to the matching resources,
>    and don't prompt for others while checking.

[disclaimer - never used the cmdline version] is there an option for 
"cron'd" mode? I assume some people want the script to run totally 
not-interactively, so there should be an option for this, other than 
giving a trusted domain.

> 4) Of course, there could be an input field for the regexp in the 
> online
>    version, but IMHO that's overkill.

Agreed.

-- 
Olivier
Received on Thursday, 23 January 2003 20:20:43 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Thursday, 19 August 2010 18:12:43 GMT