- From: Foteos Macrides <MACRIDES@sci.wfbr.edu>
- Date: Mon, 08 Sep 1997 15:21:55 -0500 (EST)
- To: luotonen@netscape.com
- Cc: http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com
Ari Luotonen <luotonen@netscape.com> wrote:
>Regarding "heuristics" and "guessing" with authentication.
>
>I believe I wrote the original proposal and spec for basic auth used
>in HTTP. I would like to make the point that the intention was that
>HTTP basic authentication be hierarchical, and that the rules not be
>heuristics, but simply the way it is defined. If the request for:
>
>	http://.../foo/bar
>
>requires authentication, then the U-A will assume that all documents
>starting with the prefix:
>
>	http://.../foo/
>
>will require it. It applies to the entire subtree, e.g:
>
>	http://.../foo/baz/xyzzy/hello/world
>
>Similarly, any document in the server's root directory:
>
>	http://.../foo
>
>requiring authentication will imply that the whole server is
>password-protected, including the index file and any files and
>subdirectories:
>
>	http://.../
>	http://.../bar

Is it also the case that proxy authentication, originally
implemented by the Netscape server, has a "template" of "*", i.e., that
the same encoded username and password, once established for a first
request, should be used for all subsequent requests via that proxy?

Fote

=========================================================================
 Foteos Macrides            Worcester Foundation for Biomedical Research
 MACRIDES@SCI.WFBR.EDU         222 Maple Avenue, Shrewsbury, MA 01545
=========================================================================
Received on Monday, 8 September 1997 12:26:10 UTC
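
The prefix rule described in the quoted message, sketched as an added example that is not part of the original thread or any browser's code: a user-agent credential cache that scopes Basic credentials to the challenged URL's directory prefix on the same scheme, host and port. The class and function names, the `example.test` host and the credential strings are assumptions made for illustration.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}


def _origin_and_path(url):
    """Split a URL into ((scheme, host, port), path); an empty path means "/"."""
    u = urlsplit(url)
    return (u.scheme, u.hostname, u.port or DEFAULT_PORTS.get(u.scheme)), u.path or "/"


def protection_prefix(challenged_url):
    """Scope implied by a 401 on challenged_url: same origin, path cut after its last "/"."""
    origin, path = _origin_and_path(challenged_url)
    return origin, path[: path.rfind("/") + 1]


class BasicAuthCache:
    """Hypothetical user-agent credential cache keyed by protection prefix."""

    def __init__(self):
        self._entries = []  # (origin, path_prefix, credentials)

    def remember(self, challenged_url, credentials):
        origin, prefix = protection_prefix(challenged_url)
        self._entries.append((origin, prefix, credentials))

    def credentials_for(self, url):
        """Return credentials to send pre-emptively, or None if url is out of scope."""
        origin, path = _origin_and_path(url)
        matches = [(len(p), c) for o, p, c in self._entries
                   if o == origin and path.startswith(p)]
        # The most specific (longest) prefix wins when scopes nest.
        return max(matches, key=lambda m: m[0])[1] if matches else None


if __name__ == "__main__":
    cache = BasicAuthCache()
    # Constructed sample: a 401 was answered for /foo/bar with these credentials.
    cache.remember("http://example.test/foo/bar", "alice:constructed-pw")
    for url in ("http://example.test/foo/baz/xyzzy/hello/world",  # inside /foo/
                "http://example.test/foobar",    # shares the string "/foo", not the directory
                "http://other.test/foo/bar"):    # different host, never in scope
        print(url, "->", cache.credentials_for(url))
```

Cutting the path after its last "/" before matching is what keeps `/foobar` out of the `/foo/` scope; matching on the raw string `/foo` would send the cached credentials to a sibling resource.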