On Thu, 2017-06-29 at 18:48 -0400, Michael Hrivnak wrote: > > > I also want to make a similar point here about carrying a content > > protection feature in Pulp and not relying on Apache exclusively for it. As > > a developer I should be able to have the same content > > protection features with runserver as you do with Apache so that developer > > environment are fully functional with runserver. > > > > This is tricky. Trying to do our own SSL logic has been difficult in the > past, which is why we did our best to offload client certificate > authentication to httpd. I'm happy to explore the options, > but I don't think we need to re-implement every httpd feature we want to use, > especially when it comes to authentication. Speaking of, we are also planning > to use httpd modules to integrate with > third-party identity management for REST API authentication, and I similarly > don't think we need to re-implement that in python.
For most scenarios, offloading this to the web server is going to be the right way. Most web servers (nginx, apache, iis, etc...) have ways to pass this information into the web application in a trustable manner, and are the right way. Runserver is not something more than a simple tool to assist in development, and we shouldn't limit what best practices we can and can't do by it's limitations. > But I'm with you that we should try to keep the development server useful, > and also retain the option to run Pulp with something other than httpd. > > -- > Michael Hrivnak > Principal Software Engineer, RHCE > Red Hat > _______________________________________________ > Pulp-dev mailing list > [email protected] > https://www.redhat.com/mailman/listinfo/pulp-dev
signature.asc
Description: This is a digitally signed message part
_______________________________________________ Pulp-dev mailing list [email protected] https://www.redhat.com/mailman/listinfo/pulp-dev
