[EMAIL PROTECTED] wrote: > > Opinions - not on what happens to day in 1.3 but what should happen in a > perfect world: > > Given a config like this: > > <Directory /my/secrets> > AuthType basic > AuthName Restricted area > </Directory> > > What should happen ? Allowed in with, or without a password ? What would > users feel as most logical ?
DON'T second-guess them. Since no restrictions have been put in place, don't try to apply any. There may be Auth*File and Require directives in .htaccess files within the above scope -- you don't know. > <Directory /my/secrets> > AuthType basic > AuthName Restricted area > <Limit POST> > require valid-user > </Limit> > </Directory> > > Same here when using a GET. (Note - I've not even started with 'allow > from' or 'satisfy any complexity). Do exactly what it says to do, no more and no less: only apply restrictions for POST requests. Maybe it isn't what they intended, but trying to be smarter that the user will not only get us in trouble, but will also treble the confusion and support queries in an already confusing area. -- #ken P-)} Ken Coar, Sanagendamgagwedweinini http://Golux.Com/coar/ Author, developer, opinionist http://Apache-Server.Com/ "Millennium hand and shrimp!"
