On 3/7/2010 11:11 PM, Stuart Johnston wrote:
Pass userid and a hash of userid and password.
The server uses the password to hash userid and password and tests for
equality.
That's something similar to what Amazon and others do.
The idea here is to add support for Basic HTTP Authentication, the sort
of thing that is built into the web server. I think that most people who
need authentication with Gofer just use the standard DBI authentication
through to the database. The reason that we need HTTP Auth is that we
are adding Gofer to an existing XML-RPC environment and we want to use
the same auth for both.
Ah ok, I misunderstood the requirements. It's well known that HTTP Basic
is worthless as a secure authentication system, but if the goal is to
support it, sure. :)
