CGI/1.0: last call (ts)
Date: Sat, 11 Dec 93 11:50:39 +0100
From: (ts)
Message-id: <>
In-reply-to: Bill Janssen's message of Fri, 10 Dec 1993 18:48:51 PST <>
Subject: CGI/1.0: last call

> Interesting.  I just returned from a meeting where various security
> experts impressed on me just how bad an idea that is, as it increases
> the amount of code in the "Trusted Computing Base" unmanageably.  They
> felt that such a system could never be rated secure.

 You are right. But the problem is : authentication protocol of WWW (a la
un*x) is perhaps good enough for HTTP/0.9, but is not adapted for HTTP/1.0
particulary for method PUT, POST, DELETE.

 Actually I prefer write a script with a better authentication rather than
use WWW to do it.

 Put under "/htauth" specific scripts for authentication and don't use
this basic authentication protocol.

Guy Decoux