Henri Asseily
Sun, 07 Mar 2010 23:07:51 -0800
On 3/7/2010 11:11 PM, Stuart Johnston wrote:
Pass userid and a hash of userid and password. The server uses the password to hash userid and password and tests for equality. That's something similar to what Amazon and others do.The idea here is to add support for Basic HTTP Authentication, the sort of thing that is built into the web server. I think that most people who need authentication with Gofer just use the standard DBI authentication through to the database. The reason that we need HTTP Auth is that we are adding Gofer to an existing XML-RPC environment and we want to use the same auth for both.
Ah ok, I misunderstood the requirements. It's well known that HTTP Basic is worthless as a secure authentication system, but if the goal is to support it, sure. :)