Re: Basic Authentication behavior
Ari Luotonen (luotonen@netscape.com)
Mon, 8 Sep 1997 10:58:30 -0700 (PDT)
Regarding "heuristics" and "guessing" with authentication.
I believe I wrote the original proposal and spec for basic auth used
in HTTP. I would like to make the point that the intention was that
HTTP basic authentication be hierarchical, and that the rules not be
heuristics, but simply the way it is defined. If the request for:
http://.../foo/bar
requires authentication, then the U-A will assume that all documents
starting with the prefix:
http://.../foo/
will require it. It applies to the entire subtree, e.g.:
http://.../foo/baz/xyzzy/hello/world
Similarly, any document in the server's root directory:
http://.../foo
requiring authentication will imply that the whole server is
password-protected, including the index file and any files and
subdirectories:
http://.../
http://.../bar
Cheers,
--
Ari Luotonen, Mail-Stop MV-061 Opinions my own, not Netscape's.
Netscape Communications Corp. ari@netscape.com
501 East Middlefield Road http://people.netscape.com/ari/
Mountain View, CA 94043, USA Netscape Proxy Server Development
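
The prefix rule described in the message above, as an added example that is not part of the original message or of any Netscape code: a user-agent credential cache that derives the protected prefix from the URL that required authentication and decides when to send credentials preemptively. The class name, the host server.example, the credentials, the same-origin check and the longest-prefix tie-break are assumptions made for illustration.

```javascript
// Added example: hypothetical user-agent cache for Basic auth scopes.
// All names and sample values here are constructed, not from the message.
class BasicAuthScopeCache {
  constructor() {
    this.scopes = []; // entries: { origin, prefix, authorization }
  }

  // Prefix covered by a challenge: the path up to and including its last "/".
  // "/foo/bar" -> "/foo/", and "/foo" in the root directory -> "/".
  static scopeOf(url) {
    const u = new URL(url); // parsing also resolves "." and ".." segments
    const prefix = u.pathname.slice(0, u.pathname.lastIndexOf("/") + 1);
    return { origin: u.origin, prefix };
  }

  // Call once a request for `url` has required authentication and the
  // user has supplied credentials that the server accepted.
  remember(url, user, password) {
    const { origin, prefix } = BasicAuthScopeCache.scopeOf(url);
    const token = Buffer.from(`${user}:${password}`).toString("base64");
    this.scopes.push({ origin, prefix, authorization: `Basic ${token}` });
  }

  // Authorization header to send preemptively for `url`, or null.
  // Assumption: scopes never cross scheme/host/port, so a password is
  // not offered to a different server that happens to share a path.
  headerFor(url) {
    const u = new URL(url);
    let best = null;
    for (const s of this.scopes) {
      const covers = s.origin === u.origin && u.pathname.startsWith(s.prefix);
      // Assumption: the most specific (longest) matching prefix wins.
      if (covers && (best === null || s.prefix.length > best.prefix.length)) {
        best = s;
      }
    }
    return best ? best.authorization : null;
  }
}

// Constructed walk-through of the two cases in the message.
const demo = new BasicAuthScopeCache();
demo.remember("http://server.example/foo/bar", "ari", "secret");
for (const path of ["/foo/baz/xyzzy/hello/world", "/foobar", "/foo/../x", "/"]) {
  const sent = demo.headerFor("http://server.example" + path) !== null;
  console.log(path, sent ? "credentials sent" : "no credentials");
}
```

Because the stored prefix always ends in "/", the string comparison only matches on a path-segment boundary, so /foobar is not treated as part of the /foo/ subtree.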