How about an authentication plugin structure that would allow one to load their own authentication method.
HTTP-Auth against a database, HTTP-Auth against a flat-file, HTTP-Auth against LDAP, etc. Digest, Certificate, Session Auth, etc. At least in the long run, it would be much more flexible. The problems I have with HTTP-Auth are actually forcing me to go in the direction of Session mananged Authentication for a number of reasons -- but those are particular issues that my clients deal with. HTTP-Auth has no decent way of maintaining 1 User, 1 Session. HTTP-Auth is easily probed by automated tools (not that they cannot be developed for other methods). Poor Realm support (user education issue here) On Fri, 2003-10-31 at 11:52, Zoran Vasiljevic wrote: > On Friday 31 October 2003 17:07, you wrote: > > Not really. > > > > I need to do HTTP authentication. I could write an HTTP authentication > > implementation and register that as a filter, but I'd rather not. -- AOLserver - http://www.aolserver.com/ To Remove yourself from this list, simply send an email to <[EMAIL PROTECTED]> with the body of "SIGNOFF AOLSERVER" in the email message. You can leave the Subject: field of your email blank.
