home bbs files messages ]

Forums before death by AOL, social media and spammers... "We can't have nice things"

   comp.protocols.tcp-ip      TCP and IP network protocols.      14,669 messages   

[   << oldest   |   < older   |   list   |   newer >   |   newest >>   ]

   Message 12,949 of 14,669   
   Barry Margolin to skillzero@gmail.com   
   Re: Forcing HTTP server to authenticate    
   28 Jun 09 22:50:10   
   
   51b6f885   
   From: barmar@alum.mit.edu   
      
   In article   
   ,   
    "skillzero@gmail.com"  wrote:   
      
   > Is there a reliable way for a client to initiate HTTP authentication?   
   > For example, a server might allow unauthenticated access to /status to   
   > show public status info, but if it might also show user-specific   
   > status if the request is authenticated. I can think of hacks that   
   > might work, such as adding an "Authorization" header with bad info,   
   > hoping that the server will send me back a 401 Unauthorized response   
   > with a nonce, etc. so I can authorize. But that doesn't seem very   
   > good.   
   >   
   > I didn't see anything in reading RFC 2617, but maybe I missed   
   > something.   
      
   It seems to me that this is just bad web site design.  How would anyone   
   ever see the user-specific stuff if the site doesn't request   
   authentication?   
      
   --   
   Barry Margolin, barmar@alum.mit.edu   
   Arlington, MA   
   *** PLEASE don't copy me on replies, I'll read them in the group ***   
      
   --- SoupGate-Win32 v1.05   
    * Origin: you cannot sedate... all the things you hate (1:229/2)   

[   << oldest   |   < older   |   list   |   newer >   |   newest >>   ]


(c) 1994,  bbs@darkrealms.ca