On Tue, Sep 17, 2002 at 10:26:02AM -0700, Aaron Bannert wrote: > On Tue, Sep 17, 2002 at 01:00:44PM -0400, Ryan Bloom wrote: > > > Does that make any sense? I'm certain you will have users misconfigure > > > the 'backstop' modules (_default flavors) resulting in insecure servers. > > > If the 'backstop' _default auth handlers are always loaded as part of the > > > core mod_auth, users will have far fewer problems. > > > > I almost like this, but I wouldn't put it mod_auth. I would put them in > > the core. The core server has always been the location for our default > > functions. > > +1 for the core, or at least a module that's always statically compiled > (which is easy to do with the .m4 macros we have).
Well... as long as "core" means modules/http/. But since our running of auth hooks comes from server/, then this stuff could prolly go there as well. IMO, it sucks that our "core" server knows about HTTP authentication and authorization. In general: sure, this stuff makes some sense in the core rather than default modules. Cheers, -g -- Greg Stein, http://www.lyra.org/
