This raises another subject which I think is important: Why didn't someone warn me about the morass I was about to step into before I went ahead and stepped into it? For some reason we give each other too few warnings about bad code and immature technologies. I do not know the answer but I write now to raise this subject.
None of the documentation which I have found about HTTP authentication has suggested to me that I should avoid it. Most of the documentation seems to imply that it works as advertised.
Libertarians (of which I consider myself one) like to cite the Underwriters Laboratory (UL) as an example of a voluntarily formed standards organization. As the story is told, the manufacturers of electrical appliances understood that they needed standards for safety, and so they formed an organization to police themselves. They grant the UL seal of approval only to appliances which meet their standards.
We really need a UL of software.
I can speculate about why our media remain so silent about unusable code. It could be that we are organized (although informally and unconsciously for the most part) against a common foe, and that we dare speak no evil about the works among us for fear that will weaken our organization against the greater danger. But I am just guessing.
Rich Hammer
Christopher L Merrill wrote:
Richard O. Hammer wrote:Do very few Java web apps use HTTP-based authentication because it so flaky as to be almost useless for any serious application?
IMO, yes. This is not limited to java-based web apps. We see a lot of different types of apps (JSP, ASP, Cold Fusion, Oracle, etc) from our customers and HTTP-based auth is pretty rare.
_______________________________________________ Juglist mailing list [EMAIL PROTECTED] http://trijug.org/mailman/listinfo/juglist_trijug.org
