Ari Luotonen <luotonen@netscape.com> wrote: >Regarding "heuristics" and "guessing" with authentication. > >I believe I wrote the original proposal and spec for basic auth used >in HTTP. I would like to make the point that the intention was that >HTTP basic authentication be hierarchical, and that the rules not be >heuristics, but simply the way it is defined. If the request for: > > http://.../foo/bar > >requires authentication, then the U-A will assume that all documents >starting with the prefix: > > http://.../foo/ > >will require it. It applies to the entire subtree, e.g: > > http://.../foo/baz/xyzzy/hello/world > >Similarly, any document in the server's root directory: > > http://.../foo > >requiring authentication will imply that the whole server is >password-protected, including the index file and any files and >subdirectories: > > http://.../ > http://.../bar Is it also the case that proxy authentication, originally implemented by the Netscape server, has a "template" of "*", i.e., that the same encoded username and password, once establish for a first request, should be used for all subsequent requests via that proxy? Fote ========================================================================= Foteos Macrides Worcester Foundation for Biomedical Research MACRIDES@SCI.WFBR.EDU 222 Maple Avenue, Shrewsbury, MA 01545 =========================================================================Received on Monday, 8 September 1997 12:26:10 UTC
This archive was generated by hypermail 2.4.0 : Thursday, 2 February 2023 18:43:03 UTC