W3C home > Mailing lists > Public > ietf-http-wg@w3.org > July to September 1997

Re: Basic Authentication behavior

From: Ari Luotonen <luotonen@netscape.com>
Date: Mon, 8 Sep 1997 10:58:30 -0700 (PDT)
Message-Id: <199709081758.KAA20091@step.mcom.com>
To: http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com
X-Mailing-List: <http-wg@cuckoo.hpl.hp.com> archive/latest/4360

Regarding "heuristics" and "guessing" with authentication.

I believe I wrote the original proposal and spec for basic auth used
in HTTP.  I would like to make the point that the intention was that
HTTP basic authentication be hierarchical, and that the rules not be
heuristics, but simply the way it is defined.  If the request for:


requires authentication, then the U-A will assume that all documents
starting with the prefix:


will require it.  It applies to the entire subtree, e.g:


Similarly, any document in the server's root directory:


requiring authentication will imply that the whole server is
password-protected, including the index file and any files and


Ari Luotonen, Mail-Stop MV-061		Opinions my own, not Netscape's.
Netscape Communications Corp.		ari@netscape.com
501 East Middlefield Road		http://people.netscape.com/ari/
Mountain View, CA 94043, USA		Netscape Proxy Server Development
Received on Monday, 8 September 1997 11:02:18 UTC

This archive was generated by hypermail 2.4.0 : Thursday, 2 February 2023 18:43:03 UTC