Re: Basic Authentication behavior
Foteos Macrides (MACRIDES@sci.wfbr.edu)
Mon, 08 Sep 1997 15:21:55 -0500 (EST)
Ari Luotonen <luotonen@netscape.com> wrote:
>Regarding "heuristics" and "guessing" with authentication.
>
>I believe I wrote the original proposal and spec for basic auth used
>in HTTP. I would like to make the point that the intention was that
>HTTP basic authentication be hierarchical, and that the rules not be
>heuristics, but simply the way it is defined. If the request for:
>
> http://.../foo/bar
>
>requires authentication, then the U-A will assume that all documents
>starting with the prefix:
>
> http://.../foo/
>
>will require it. It applies to the entire subtree, e.g:
>
> http://.../foo/baz/xyzzy/hello/world
>
>Similarly, any document in the server's root directory:
>
> http://.../foo
>
>requiring authentication will imply that the whole server is
>password-protected, including the index file and any files and
>subdirectories:
>
> http://.../
> http://.../bar

Is it also the case that proxy authentication, originally
implemented by the Netscape server, has a "template" of "*", i.e.,
that the same encoded username and password, once established for a
first request, should be used for all subsequent requests via that
proxy?

Fote
=========================================================================
Foteos Macrides Worcester Foundation for Biomedical Research
MACRIDES@SCI.WFBR.EDU 222 Maple Avenue, Shrewsbury, MA 01545
=========================================================================
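
An added example, not part of the original message: a sketch of a user-agent credential cache that applies the prefix rule quoted above, showing which later requests would get the stored Basic credentials sent without a fresh challenge. The class and function names, the example.test hosts and the credential strings are constructed for illustration.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}


def protection_prefix(url):
    """Return (origin, prefix) implied by an authentication challenge on url.

    The prefix is the URL path with its last segment dropped, so
    /foo/bar -> /foo/ and /foo -> / (the whole server).
    """
    parts = urlsplit(url)
    path = parts.path or "/"
    prefix = path[: path.rfind("/") + 1]
    port = parts.port or DEFAULT_PORTS.get(parts.scheme)
    return (parts.scheme, parts.hostname, port), prefix


class BasicAuthCache:
    """Hypothetical per-origin cache of (path prefix, credentials)."""

    def __init__(self):
        self._entries = []  # (origin, prefix, credentials)

    def remember(self, challenged_url, credentials):
        """Record credentials accepted after a challenge on challenged_url."""
        origin, prefix = protection_prefix(challenged_url)
        self._entries.append((origin, prefix, credentials))

    def lookup(self, url):
        """Return credentials to send preemptively for url, or None."""
        origin, _ = protection_prefix(url)
        path = urlsplit(url).path or "/"
        best = None
        for entry_origin, prefix, credentials in self._entries:
            # Same scheme/host/port only, and the path must lie in the subtree.
            if entry_origin == origin and path.startswith(prefix):
                if best is None or len(prefix) > len(best[0]):
                    best = (prefix, credentials)  # longest prefix wins
        return best[1] if best else None


if __name__ == "__main__":
    cache = BasicAuthCache()
    cache.remember("http://example.test/foo/bar", "alice:constructed-pw")
    for u in ("http://example.test/foo/baz/xyzzy/hello/world",
              "http://example.test/foobar/x",
              "http://other.test/foo/baz"):
        print(u, "->", cache.lookup(u))
```

Matching on the full origin and on the prefix including its trailing slash keeps /foobar/ and other hosts or ports out of the /foo/ subtree.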