authentication cleanups

Tony Sanders (sanders@earth.com)
Thu, 10 Nov 1994 00:56:44 +0100

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Daniel W. Connolly: "Re: authentication cleanups"
Previous message: Steve H Rose: "Re: HTML Specs."
Next in thread: Daniel W. Connolly: "Re: authentication cleanups"

Perhaps servers should return a indication of what area is
covered by the authentication. For example:

Client:
GET /protected/recipies/secret-sauce/ingredients HTML/1.0
...
Server:
401 Unauthorized
WWW-Authenticate: Basic realm="burgers_and_fries"
WWW-Realm-Partial: /protected/recipies/, /protected/foods/
...
Client:
GET /protected/recipies/secret-sauce/ingredients HTML/1.0
Authorization: Basic mickeyd:passwd
...

And now the client knows that it is ok to send the username/password on
an access to /protected/recipies/fries or /protected/foods/fries but that
should the user select something in /protected/payroll/* then it would
*not* send the users password to that area because they would probably
generate a security warning being issued.

Does this make sense?

Next message: Daniel W. Connolly: "Re: authentication cleanups"
Previous message: Steve H Rose: "Re: HTML Specs."
Next in thread: Daniel W. Connolly: "Re: authentication cleanups"