- From: John Franks <john@math.nwu.edu>
- Date: Sun, 7 Sep 1997 15:53:47 -0500 (CDT)
- To: Foteos Macrides <MACRIDES@sci.wfbr.edu>
- Cc: lawrence@agranat.com, http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com
On Sun, 7 Sep 1997, Foteos Macrides wrote:
>
> It is classic libwww behavior to guess a template for a Basic
> realm, and that is current practice for software which has it as a
> heritage.

Upon reflection and re-reading the spec, yet again, I have no problem with clients guessing authentication credentials based on some heuristic. What heuristic is used is entirely an implementation question and is up to the client implementor.

>
> If the hierarchy of symbolic elements for the path of the request were
> /sym1/sym2/sym3/foo.blah and there were no template indicated (and
> it never is, because that header never got into any IETF RFCs :) the
> UA guesses /sym1/sym2/sym3/* and depending on subsequent requests
> might eventually infer that /sym1/sym2/* is the "correct" template.

I believe that there is common current practice which is different from this, but I think there is no need to discuss the algorithm the client uses to pick the template as that is an implementation decision.

A sentence in the spec to the effect that "credential guessing" is common current practice might be useful. It might affect how suspicious one should be of failed authentication attempts.

John Franks
Dept of Math. Northwestern University
john@math.nwu.edu
Received on Sunday, 7 September 1997 13:58:18 UTC
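
The template-guessing heuristic quoted in the message above, sketched as an added example that is not part of the original message and is not libwww code. The class and function names and the sample credentials are hypothetical; widening to the shared directory prefix is an assumption about how "eventually infer" could work.

```python
# Added illustration; names are hypothetical, not libwww's API.
import posixpath


def directory_of(path):
    """Return the directory part of a request path, with a trailing slash."""
    return path if path.endswith("/") else posixpath.dirname(path).rstrip("/") + "/"


def common_directory(a, b):
    """Return the deepest directory prefix shared by two directory paths."""
    parts = []
    segs_a = [s for s in a.split("/") if s]
    segs_b = [s for s in b.split("/") if s]
    for x, y in zip(segs_a, segs_b):
        if x != y:
            break
        parts.append(x)
    return "/" + "/".join(parts) + "/" if parts else "/"


class RealmTemplateCache:
    """Guess which paths on one host fall inside a Basic realm."""

    def __init__(self):
        self._entries = {}  # realm -> (template prefix, credentials)

    def record_success(self, path, realm, credentials):
        """Call after a request to `path` was accepted with `credentials` for `realm`."""
        prefix = directory_of(path)
        if realm in self._entries:
            # Same realm seen at another path: widen the template to the shared prefix.
            prefix = common_directory(self._entries[realm][0], prefix)
        self._entries[realm] = (prefix, credentials)

    def guess(self, path):
        """Return (realm, credentials) for the longest matching template, else None.

        A match is only a guess: the server never stated the template, so the
        credentials may be rejected and show up as a failed attempt in its log.
        """
        best = None
        for realm, (prefix, creds) in self._entries.items():
            if path.startswith(prefix) and (best is None or len(prefix) > len(best[0])):
                best = (prefix, realm, creds)
        return None if best is None else (best[1], best[2])
```

A wrong guess here sends credentials for one realm to a path the server may protect with another, which is the kind of failed authentication attempt the message says a server should not treat as suspicious by default.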