From: Dmitriy S. <sha...@gm...> - 2010-01-08 16:35:50
On Fri, 2010-01-08 at 16:44 +0100, Dannes Wessels wrote:
> Heho,.
>
> passwords in an URL is a bad design... should probably be done via
> POST (urlencoded or multipart) for via Basic Authentication (or like
> technology) ?

yes, it'll process POST too.

> what are the immediate implications of this change?

1. make API simple:

    <form action="$url/j_security_check" method="post">
      Username: <input name="exist_username" type="text"/><br>
      Password: <input name="exist_password" type="password"/><br>
      <input type="submit"/>
    </form>

2. "secure urls" - only some users have access to it.
3. resolve issue with long sessions
4. integrate pluggable security modules (openid)
5. login-form (url) + errors-form (url)
6. ...

> what will not work anymore?

jetty's authentication service
$url/j_security_check?j_username=.&ej_password=.

--
Cheers,

Dmitriy Shabanov

PS most all can be found @
http://exist.svn.sourceforge.net/viewvc/exist/branches/shabanovd/access_control/
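Added example, not part of the original message or of the eXist code base: the concern raised in the thread is that a password sent in the query string of j_security_check ends up in access logs, while a POST body does not. The sketch below finds and redacts such values in access-log lines; the log format, the /exist/ path and the sample lines are constructed, and the parameter list (j_password, exist_password) is an assumption based on the names used above.

```python
import re
from urllib.parse import urlsplit, urlunsplit, parse_qsl, urlencode

# Parameter names that carry a password (assumption; extend per deployment).
SENSITIVE = {"j_password", "exist_password"}

# Request line of a common/combined-format access-log entry.
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

# Constructed sample lines: login via GET query string, then via POST body.
SAMPLE_LOG = [
    '192.0.2.10 - - [08/Jan/2010:16:35:50 +0000] '
    '"GET /exist/j_security_check?j_username=alice&j_password=s3cret HTTP/1.1" 302 0',
    '192.0.2.10 - - [08/Jan/2010:16:36:02 +0000] '
    '"POST /exist/j_security_check HTTP/1.1" 302 0',
]

def redact_target(target):
    """Return (target with password values replaced, names that leaked)."""
    parts = urlsplit(target)
    leaked, pairs = [], []
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name.lower() in SENSITIVE:
            leaked.append(name)
            value = "REDACTED"
        pairs.append((name, value))
    if not leaked:
        return target, leaked          # leave untouched targets byte-identical
    return urlunsplit(parts._replace(query=urlencode(pairs))), leaked

def scrub_line(line):
    """Redact password parameters in one log line; report what was found."""
    m = REQUEST_RE.search(line)
    if not m:
        return line, []
    target, leaked = redact_target(m.group("target"))
    return line[:m.start("target")] + target + line[m.end("target"):], leaked

def find_leaks(lines):
    """Return [(line_index, [param names])] for lines exposing a password."""
    hits = []
    for i, line in enumerate(lines):
        _, leaked = scrub_line(line)
        if leaked:
            hits.append((i, leaked))
    return hits

if __name__ == "__main__":
    for entry in SAMPLE_LOG:
        print(scrub_line(entry)[0])
```
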