Chill Richard, Just use Form based authentication. Why write a new solution to something that was solved years ago?
> From: "Richard O. Hammer" <[EMAIL PROTECTED]> > Reply-To: "Research Triangle Java User's Group mailing > list."<[EMAIL PROTECTED]> > Date: Sat, 10 Apr 2004 10:11:49 -0400 > To: "Research Triangle Java User's Group mailing list."<[EMAIL PROTECTED]> > Subject: [Juglist] too few warnings among us about bad code -- was about HTTP > authentication > > I have recently spent about a week trying to make HTTP authentication > work satisfactorily in my web app. I am beginning to think that the > wise thing to do is sidestep HTTP authentication. Probably I need to > write my own authentication procedures instead. > > This raises another subject which I think is important: Why didn't > someone warn me about the morass I was about to step into before I > went ahead and stepped into it? For some reason we give each other > too few warnings about bad code and immature technologies. I do not > know the answer but I write now to raise this subject. > > None of the documentation which I have found about HTTP authentication > has suggested to me that I should avoid it. Most of the documentation > seems to imply that it works as advertised. > > Libertarians (of which I consider myself one) like to cite the > Underwriters Laboratory (UL) as an example of a voluntarily formed > standards organization. As the story is told, the manufacturers of > electrical appliances understood that they needed standards for > safety, and so they formed an organization to police themselves. They > grant the UL seal of approval only to appliances which meet their > standards. > > We really need a UL of software. > > I can speculate about why our media remain so silent about unusable > code. It could be that we are organized (although informally and > unconsciously for the most part) against a common foe, and that we > dare speak no evil about the works among us for fear that will weaken > our organization against the greater danger. But I am just guessing. > > Rich Hammer > > > > Christopher L Merrill wrote: >> Richard O. Hammer wrote: >>> Do very few Java web apps use HTTP-based authentication because it so >>> flaky as to be almost useless for any serious application? >> >> IMO, yes. This is not limited to java-based web apps. We see >> a lot of different types of apps (JSP, ASP, Cold Fusion, Oracle, >> etc) from our customers and HTTP-based auth is pretty rare. > > > _______________________________________________ > Juglist mailing list > [EMAIL PROTECTED] > http://trijug.org/mailman/listinfo/juglist_trijug.org _______________________________________________ Juglist mailing list [EMAIL PROTECTED] http://trijug.org/mailman/listinfo/juglist_trijug.org
