Re: CGI/1.0: last call
Tony Sanders <sanders@bsdi.com>
Errors-To: sanders@bsdi.com
Errors-To: sanders@bsdi.com
Message-id: <199312061758.LAA05294@austin.BSDI.COM>
To: jern@spaceaix.jhuapl.edu
Cc: robm@ncsa.uiuc.edu (Rob McCool), www-talk@nxoc01.cern.ch
Subject: Re: CGI/1.0: last call
In-Reply-To: jern@spaceaix.jhuapl.edu's message of Mon, 06 Dec 1993 08:56:01 EST.
Errors-To: sanders@bsdi.com
Reply-To: www-talk@nxoc01.cern.ch
Organization: Berkeley Software Design, Inc.
Date: Mon, 06 Dec 1993 11:58:41 -0600
From: Tony Sanders <sanders@bsdi.com>
bobj <jern@spaceaix.jhuapl.edu> writes:
> Authentication must be the responsibility of the script writer. While
Authentication must be the responsibility of the server. If you want to
easily extend the possible authentication schemes then define a spec for
authentication scripts, but they should remain seperate from normal scripts,
which should not have to deal with authentication, that would be a HUGE
security hole.
--sanders