W3C home > Mailing lists > Public > ietf-http-wg@w3.org > October to December 1998

RE: domain attribute in digest auth

From: Paul Leach <paulle@microsoft.com>
Date: Sat, 3 Oct 1998 16:19:21 -0700
Message-Id: <CB6657D3A5E0D111A97700805FFE65875D7795@RED-MSG-51>
To: "'Ronald.Tschalaer@psi.ch'" <Ronald.Tschalaer@psi.ch>, HTTP-WG@hplb.hpl.hp.com
X-Mailing-List: <http-wg@cuckoo.hpl.hp.com> archive/latest/90 


> -----Original Message-----
> From: Ronald.Tschalaer@psi.ch [mailto:Ronald.Tschalaer@psi.ch]
> Sent: Thursday, October 01, 1998 1:12 AM
> To: HTTP-WG@hplb.hpl.hp.com
> Subject: Re: domain attribute in digest auth
> 
> 
> 
> One question concerning the domain attribute: suppose the 
> challenge from
> http://foo.bar/blah contains the attribute 
> `domain="http://other.baz/"'.
> Is the browser to take that to mean that on foo.bar *only* /blah is in
> the protection space?

Yes.

 If so, would sending 
> `domain="http://0.0.0.0/"' be
> valid way of saying that only a single URI on the server is 
> in the given
> protection space?

Assuming that 0.0.0.0 is an illegal or "never used" IP address, yes.

Paul
Received on Saturday, 3 October 1998 16:22:04 UTC

This archive was generated by hypermail 2.4.0 : Thursday, 2 February 2023 18:43:05 UTC