Hi Berend, Thanks for the REST auth link - very interesting.
You propose a solution which requires changes to httpd.conf, browser workarounds, adding user accounts manually via htdigest (? if I've understood correctly), and rewrite maps which also require apache changes. In addition, the solution raises issues with the consistency of log outs across browsers. Many of us work on projects in a shared hosting environment (or ones in which we don't always have direct access to apache conf), unfortunately this approach isn't quite as 'accessible' from a development point of view as the usual auth, and so would need to pose significant advantages in order to justify it's implementation. Given that your proposed solution is arguable far more complex, I'm struggling to see the benefits against standard application / session-based security. Would you be able to outline what you see the benefits being? Many thanks, Paul --~--~---------~--~----~------------~-------~--~----~ NZ PHP Users Group: http://groups.google.com/group/nzphpug To post, send email to [email protected] To unsubscribe, send email to [EMAIL PROTECTED] -~----------~----~----~----~------~----~------~--~---
