On Wed, Oct 10, 2012 at 11:43 AM, <[email protected]> wrote:
> IMHO we should deprecate this module because it does not make sense. The
> documentation says that this approach must always be used with HTTPS
> connections, why not send the name of the user directly?
>
I disagree, since I've seen this approach used in practice a number of
times, and every time it's an opaque key that gets passed in the URL as
an extra parameter. So regardless of whether this makes sense or not,
there is demand for this approach.

Normally the key is a UUID, which makes it rather hard to remember if
you happen to see it on someone else's screen, while a user id is
normally pretty easy to memorize.

The idea of using a header does not work: this approach is used to make
clients that do not know squat about security participate in a secured
environment, and you cannot control the headers of HTTP requests made by
a COTS software, but the module makes sure that if you use the key in
the caps URL, then it will be replicated in all operation methods, and
thus the COTS software will be unwillingly forced to use it at each and
every request.

Cheers
Andrea
--
==
Our support, Your Success! Visit http://opensdi.geo-solutions.it for more
information.
==
Ing. Andrea Aime
@geowolf
Technical Lead
GeoSolutions S.A.S.
Via Poggio alle Viti 1187
55054 Massarosa (LU)
Italy
phone: +39 0584 962313
fax: +39 0584 1660272
mob: +39 339 8844549
http://www.geo-solutions.it
http://twitter.com/geosolutions_it
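
The key replication described in the message above, as an added example that is not part of the original post and is not GeoServer's code. The `authkey` parameter name, the host names, the sample capabilities fragment and the key value are assumptions constructed for illustration; leaving links to other hosts untouched is a choice made in this example so the key is not handed to third parties.

```python
# Added illustration, not GeoServer code. Sample document, hosts and key are constructed.
import xml.etree.ElementTree as ET
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

HREF = "{http://www.w3.org/1999/xlink}href"
PARAM = "authkey"  # assumed name of the key parameter

SAMPLE_CAPS = """<WMS_Capabilities xmlns="http://www.opengis.net/wms"
    xmlns:xlink="http://www.w3.org/1999/xlink">
  <GetMap><OnlineResource xlink:href="http://gs.example.org/geoserver/wms?SERVICE=WMS&amp;"/></GetMap>
  <GetFeatureInfo><OnlineResource xlink:href="http://gs.example.org/geoserver/wms?authkey=stale"/></GetFeatureInfo>
  <MetadataURL><OnlineResource xlink:href="http://other.example.net/meta.xml"/></MetadataURL>
</WMS_Capabilities>"""

def extract_key(request_url):
    """Return the key sent with the capabilities request, or None if there is none."""
    for name, value in parse_qsl(urlsplit(request_url).query):
        if name.lower() == PARAM and value:
            return value
    return None

def with_key(url, key):
    """Return url with exactly one key parameter, replacing any stale one."""
    parts = urlsplit(url)
    query = [(n, v) for n, v in parse_qsl(parts.query, keep_blank_values=True)
             if n.lower() != PARAM]
    return urlunsplit(parts._replace(query=urlencode(query + [(PARAM, key)])))

def propagate_key(request_url, caps_xml):
    """Copy the caller's key into every same-host link of the capabilities document."""
    key = extract_key(request_url)
    if key is None:
        return caps_xml  # anonymous request: nothing to replicate
    host = urlsplit(request_url).netloc.lower()
    root = ET.fromstring(caps_xml)
    for element in root.iter():
        href = element.get(HREF)
        # Links to other hosts are left alone so the key is not sent to third parties.
        if href and urlsplit(href).netloc.lower() == host:
            element.set(HREF, with_key(href, key))
    return ET.tostring(root, encoding="unicode")

def operation_urls(caps_xml):
    """List every xlink:href in document order."""
    return [e.get(HREF) for e in ET.fromstring(caps_xml).iter() if e.get(HREF)]
```

Because the key rides in the query string of every operation URL, it also ends up in access logs, proxy logs and browser history, which is why the documentation quoted above ties the approach to HTTPS.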
_______________________________________________
Geoserver-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/geoserver-users