I use SSL for authentification only. Rest is plain http. Maybe I might consider using SSL for comet feed....
Thanks for suggestion. On 29 November 2012 05:35, Bill Moseley <mose...@hank.org> wrote: > > > On Wed, Nov 28, 2012 at 4:21 AM, Jaro Zajonc <jaro.zaj...@gmail.com>wrote: > >> But if I direct traffic from Apache directly to Twiggy server >> I'd bypass Catalyst Authentication/Authorization part for Comet session, >> right? >> I'd like to allow only authenticated users to subscribe to comet channel. >> I am sure I am missing some really simple piece of the puzzle :-\ >> > > Are you over SSL by chance? I've done this by constructing a token on > the authenticated server and then have the secondary server that can't > fully authenticate validate the token which might be a simple digets of > secret + timestamp. > > That is, the server w/o the auth validates that the token is legitimate > and the SSL tells me it came from the client I gave it to. > > > > -- > Bill Moseley > mose...@hank.org > > _______________________________________________ > List: Catalyst@lists.scsys.co.uk > Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst > Searchable archive: > http://www.mail-archive.com/catalyst@lists.scsys.co.uk/ > Dev site: http://dev.catalyst.perl.org/ > >
_______________________________________________ List: Catalyst@lists.scsys.co.uk Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/ Dev site: http://dev.catalyst.perl.org/
