Henri Asseily wrote:
On 3/7/2010 3:50 PM, Tim Bunce wrote:
On Fri, Mar 05, 2010 at 01:58:52PM -0600, Stuart Johnston wrote:
I am exploring a few different options for adding authentication
support to Gofer::Transport::http and I would appreciate any
feedback.
The most straightforward option is to add several attributes
(netloc, realm, http_user, and http_password) that would be passed
to the $useragent->credentials. These could be specified in the DSN
or in %attrs (using the go prefix). This is the style that we are
currently using in our dev code.
I think that most people don't usually think about the netloc and
realm when using http auth, from the client side. It would be
possible to avoid setting these by subclassing LWP::UserAgent and
the get_basic_credentials method.
Another option would be to specify the username and password in the
URL, (http://userid:passw...@example.com/). The big advantage here
is that the DBI distribution would not need to be touched. However,
some people may have concerns about potential security issues with
this method.
Either, or both, of the first two sounds good. Plus some docs of course.
Send me a patch, or send me your your https://svn.perl.org/accounts/
username and I'll give you a commit bit.
Thanks!
Tim.
Pass userid and a hash of userid and password.
The server uses the password to hash userid and password and tests for
equality.
That's something similar to what Amazon and others do.
The idea here is to add support for Basic HTTP Authentication, the sort
of thing that is built into the web server. I think that most people
who need authentication with Gofer just use the standard DBI
authentication through to the database. The reason that we need HTTP
Auth is that we are adding Gofer to an existing XML-RPC environment and
we want to use the same auth for both.
thanks,
Stuart
