Menu
▾
▴
[Webware-discuss] HTTP Authentication revisited
|
From: Ian B. <ia...@co...> - 2002-05-10 03:04:29
|
Okay, now I really want to get HTTP authentication working. Here's where I am: The Zope mod_rewrite style kind of works, but I can't get it to actually set an environmental variable -- either for mod_webkit or WebKit.cgi. You can put the authentication header in the URL as a get variable, though (of course, this is a big ol' security hole -- but at least it shows it kind of works). So this is one problem. With HTTPAdapter.py, of course there is no problem -- it passes everything on. However, either way I don't really know what to do with the value once I get it. If I try to login as test:test in the realm "Password Required", a header like this is sent: Authorization: Basic dGVzdDp0ZXN0 That's the only extra header. It's not plaintext, that's for sure. (Same in Mozilla and NS 4) Does anyone know what to do with this? I can start digging through RFC's, but maybe someone already knows more about this than I do. If I can't figure both these problems out, I can probably do something with one of the authentication modules (dbm or something) that won't be too bad. But it would be nice to figure out a completely in-Webware technique. Ian |