I had HTTP basic and digest auth in mind. They both can be implemented pretty easily without adding external dependencies and with a reasonable amount of code. Everything more advanced is straight out of scope for quark. Thanks for suggesting basic! I wasn't sure about it, as it's pretty insecure nowadays. But I acknowledge that, for quark's use cases, it is perfectly reasonable.
Best regards. José Miguel On Thu, Oct 22, 2020 at 9:42 PM Hiltjo Posthuma <[email protected]> wrote: > > On Thu, Oct 22, 2020 at 08:52:27PM +0200, José Miguel Sánchez García wrote: > > Hello, > > > > I'm currently serving my static webpage with quark. I want to add some > > CGI, but the opinion here about CGI support in the server is pretty > > low. I'm trying to update the basecgi patch, but the latest changes > > adding interruptibility seem to complicate the design (the goals of > > these two are kinda opposite to what CGI does right? I mean, these are > > about memory-bounded operation and CGI scripts can generate > > arbitrarily long data, which must be known before even generating the > > response header). I have no experience with HTTP whatsoever, so I want > > to hear better-informed opinions ;) > > > > About authentication, I think it is a pretty useful feature. I'll > > investigate how to implement it properly (abusing file system > > ownership/permissions, through a table of auth realms in config.h, > > command line parameters... Again, I'd like to hear more opinions) and > > upload it as a patch. Is it interesting enough to include it upstream? > > > > Best regards. > > José Miguel > > > > Hi Miguel, > > I'd use HTTP Basic Auth. It's just a simple HTTP header. > > https://tools.ietf.org/html/rfc7617 > > -- > Kind regards, > Hiltjo >
