On Thu, Jun 29, 2017 at 5:17 PM, Brian Bouterse <[email protected]> wrote:
> Also what about content protection? Are we going to use redirects with > time-bombed urls? Or are we expecting the cert verification to occur twice > (once for the initial request, and again to follow the 301 redirect)? > I don't think there will be any redirects for normal use cases, such as serving RPMs. The initial request will receive a response that contains the file. The underlying mechanism will either be the x-sendfile one, or an inefficient python one as you described. > I also want to make a similar point here about carrying a content > protection feature in Pulp and not relying on Apache exclusively for it. As > a developer I should be able to have the same content protection features > with runserver as you do with Apache so that developer environment are > fully functional with runserver. > This is tricky. Trying to do our own SSL logic has been difficult in the past, which is why we did our best to offload client certificate authentication to httpd. I'm happy to explore the options, but I don't think we need to re-implement every httpd feature we want to use, especially when it comes to authentication. Speaking of, we are also planning to use httpd modules to integrate with third-party identity management for REST API authentication, and I similarly don't think we need to re-implement that in python. But I'm with you that we should try to keep the development server useful, and also retain the option to run Pulp with something other than httpd. -- Michael Hrivnak Principal Software Engineer, RHCE Red Hat
_______________________________________________ Pulp-dev mailing list [email protected] https://www.redhat.com/mailman/listinfo/pulp-dev
