Hi all,

I just committed into master the HTTP auth support initiated by Tim
and continued by both.

It contains

1. HTTP basic support
2. HTTP digest support (resistant to replay attacks since nonces
expire)
3. Added a HttpAuthProtected LocParam so you can specify if a Loc is
protected by HTTP authentication

David, momentarily I left the auth verification embedded in
LiftServlet. I know you prefer using stateless DispatchPf but IMHO
using this we may have some gaps if a user prepends his own stateless
DispatchPf which may potentially be called before auth checkups
leading to some security holes.

I'm totally open to alternative suggestions so please let me know
your thoughts.

Tim, would you please commit into the sites your auth example
application?


Br's,
Marius
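
The following is an added example, not part of the original message and not Lift's code: one common way to make Digest nonces expire without server-side state, by embedding an authenticated issue time in the nonce. The names `ExpiringNonce`, `issue` and `check`, the key and the 60-second lifetime are assumptions chosen for illustration.

```scala
import java.nio.charset.StandardCharsets.UTF_8
import java.security.MessageDigest
import java.util.Base64
import javax.crypto.Mac
import javax.crypto.spec.SecretKeySpec

// Hypothetical helper (not Lift's API): stateless Digest nonces that expire.
object ExpiringNonce {
  sealed trait Check
  case object Valid extends Check
  case object Stale extends Check   // genuine but too old: re-challenge with stale=true
  case object Forged extends Check  // not issued by this server: plain 401

  private val enc = Base64.getUrlEncoder.withoutPadding

  private def tag(key: Array[Byte], ts: String): String = {
    val mac = Mac.getInstance("HmacSHA256")
    mac.init(new SecretKeySpec(key, "HmacSHA256"))
    enc.encodeToString(mac.doFinal(ts.getBytes(UTF_8)))
  }

  // nonce = issuedAtMillis + "." + base64url(HMAC-SHA256(key, issuedAtMillis))
  def issue(key: Array[Byte], nowMillis: Long): String =
    s"$nowMillis.${tag(key, nowMillis.toString)}"

  def check(key: Array[Byte], nonce: String, nowMillis: Long, ttlMillis: Long): Check =
    nonce.split('.') match {
      // Length bound keeps ts.toLong from overflowing on hostile input.
      case Array(ts, t) if ts.nonEmpty && ts.length <= 15 && ts.forall(_.isDigit) =>
        // MessageDigest.isEqual compares in constant time.
        if (!MessageDigest.isEqual(tag(key, ts).getBytes(UTF_8), t.getBytes(UTF_8))) Forged
        else {
          val age = nowMillis - ts.toLong
          if (age >= 0 && age <= ttlMillis) Valid else Stale
        }
      case _ => Forged
    }
}

object Demo extends App {
  val key = "constructed-demo-key".getBytes(UTF_8) // constructed sample secret
  val t0 = 1000000L                                // constructed issue time
  val nonce = ExpiringNonce.issue(key, t0)
  println(ExpiringNonce.check(key, nonce, t0 + 30000L, 60000L)) // inside the lifetime
  println(ExpiringNonce.check(key, nonce, t0 + 90000L, 60000L)) // replayed after expiry
  println(ExpiringNonce.check(key, nonce + "x", t0, 60000L))    // tampered nonce
}
```

Expiry bounds the replay window rather than closing it: a captured response stays usable for the same method and URI until the nonce ages out, so the lifetime should be short.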