Hi all,
Let's continue this discussion in the developers mailing list.
See my reply there:
http://restlet.tigris.org/ds/viewMessage.do?dsForumId=7458dsMessageId=1022072
Best regards,
Jerome Louvel
--
Restlet ~ Founder and Lead developer ~ http://www.restlet.org
Noelios Technologies ~
2008 11:42
A : discuss@restlet.tigris.org
Cc : Jerome Louvel
Objet : Re: securing Restlet
hello Jerome,
On Friday 26 December 2008 20:14:02 Jerome Louvel wrote:
Hi Raif,
This is a good start. We have a page on the developers' wiki that should
be used during this refactoring project. I have
_
De : remidewi...@gmail.com [mailto:remidewi...@gmail.com] De la part de Rémi
Dewitte
Envoyé : vendredi 26 décembre 2008 14:39
À : discuss@restlet.tigris.org
Objet : Re: securing Restlet
Jerome,
I will do all the necessary to allow the code to be integrated as soon as
possible
Hi Raif,
This is a good start. We have a page on the developers' wiki that should be
used during this refactoring project. I have updated it
based on the issues and discussions you have selected, extending to all other I
could find.
Security refactoring
[mailto:tig...@naffah-raif.name]
Envoye : samedi 20 decembre 2008 01:01
A : discuss@restlet.tigris.org
Cc : Stephan Koops
Objet : Re: securing Restlet
hello Stephan,
my comments are in-lined.
On Friday 19 December 2008 19:49:12 Stephan Koops wrote:
Hi Raif,
I think it is good, if a developer could
A : discuss@restlet.tigris.org
Objet : Re: securing Restlet
On Dec 20, 2008, at 6:49 PM, Raif S. Naffah wrote:
On Sunday 21 December 2008 09:05:46 Rhett Sutphin wrote:
On Dec 20, 2008, at 3:34 PM, Raif S. Naffah wrote:
hello Stephan,
On Sunday 21 December 2008 00:41:48 Stephan Koops wrote:
Hi
: securing Restlet
Hi Rémi,
cool.
Jerome, Thierry: Could we add it to the code base, if the security is
refactored?
best regards
Stephan
I have made a cookie authentication for restlet.
Here is the code. Few things might not be clean but it works quite
fine.
I hope it helps.
Rémi
hello Jerome,
On Friday 26 December 2008 20:14:02 Jerome Louvel wrote:
Hi Raif,
This is a good start. We have a page on the developers' wiki that should
be used during this refactoring project. I have updated it based on the
issues and discussions you have selected, extending to all other I
~ Founder and Lead developer ~ http://www.restlet.org
Noelios Technologies ~ Co-founder ~ http://www.noelios.com
-Message d'origine-
De : Stephan Koops [mailto:stephan.ko...@web.de]
Envoyé : lundi 22 décembre 2008 19:32
À : discuss@restlet.tigris.org
Objet : Re: securing Restlet
Hi Rémi
Guilty as charged, fixed on my copy and never sent the patch back to the
Restlet list. Will do when I get back from holiday travels!
On Fri, Dec 26, 2008 at 12:36 PM, Tim Peierls t...@peierls.net wrote:
On Fri, Dec 26, 2008 at 5:05 AM, Jerome Louvel jerome.lou...@noelios.com
wrote:
Also,
Ho Rhett,
but doesn't the current Guard implementation obviate the need for
both
sessions and cookies, and yet provide us with basic authentication?
if yes,
then a solution for providing customizable form-based login could be
to
extend its capabilities to allow declaring and re-directing
Hi Stephan,
On Dec 22, 2008, at 3:20 AM, Stephan Koops wrote:
Ho Rhett,
but doesn't the current Guard implementation obviate the need for
both
sessions and cookies, and yet provide us with basic
authentication?
if yes,
then a solution for providing customizable form-based login
could
Hi Rhett,
There is a way, but HTML and HTTP is not enough: You need JavaScript
to send a XMLHttpRequest. But you can't use http state 401 for
return, because the browser should prompt (search for 401 on
http://www.w3.org/TR/XMLHttpRequest/)
for the users credentials, and that is,
Hi Rémi,
cool.
Jerome, Thierry: Could we add it to the code base, if the security is
refactored?
best regards
Stephan
I have made a cookie authentication for restlet.
Here is the code. Few things might not be clean but it works quite
fine.
I hope it helps.
Rémi
Hi Stephan,
On Dec 22, 2008, at 12:02 PM, Stephan Koops wrote:
Hi Rhett,
There is a way, but HTML and HTTP is not enough: You need JavaScript
to send a XMLHttpRequest. But you can't use http state 401 for
return, because the browser should prompt (search for 401 on
Hi Rhett,
Depending on the browser (I forget which ones exactly) you can sometimes
push empty credentials into an XmlHttpRequest to effectively log out the
user. But now, we are far down the path of horrible hacks :-)
The caching of HTTP Basic credentials into XmlHttpRequest is inconsistently
Hi Rhett,
Oh, so when you pass credentials using XmlHttpRequest, the browser
automatically caches them? That's cool. I didn't know that worked.
I guess this has the same downside as normal browser-based
authentication, then -- it's impossible to log out without quitting
the
On Dec 20, 2008, at 6:49 PM, Raif S. Naffah wrote:
On Sunday 21 December 2008 09:05:46 Rhett Sutphin wrote:
On Dec 20, 2008, at 3:34 PM, Raif S. Naffah wrote:
hello Stephan,
On Sunday 21 December 2008 00:41:48 Stephan Koops wrote:
Hi Raif,
Another possibility to not require the browser
Hi Raif,
Another possibility to not require the browser login prompt is to use an
AJAX reqeust and set the credentials in it. I've implemented this, but I
needed a new return status for it, because if the server returns 401
(authentication required / invald) to the client, then the browser
hello Stephan,
On Saturday 20 December 2008 22:32:50 Stephan Koops wrote:
Hi Raif,
Another possibility to not require the browser login prompt is to use
an AJAX reqeust and set the credentials in it. I've implemented this,
but I needed a new return status for it, because if the server
Hi Raif,
Another possibility to not require the browser login prompt is to use
an AJAX reqeust and set the credentials in it. I've implemented this,
but I needed a new return status for it, because if the server returns
401 (authentication required / invald) to the client, then the browser
hello Stephan,
On Sunday 21 December 2008 00:41:48 Stephan Koops wrote:
Hi Raif,
Another possibility to not require the browser login prompt is to
use an AJAX reqeust and set the credentials in it. I've implemented
this, but I needed a new return status for it, because if the server
On Dec 20, 2008, at 3:34 PM, Raif S. Naffah wrote:
hello Stephan,
On Sunday 21 December 2008 00:41:48 Stephan Koops wrote:
Hi Raif,
Another possibility to not require the browser login prompt is to
use an AJAX reqeust and set the credentials in it. I've
implemented
this, but I needed a
On Sunday 21 December 2008 09:05:46 Rhett Sutphin wrote:
On Dec 20, 2008, at 3:34 PM, Raif S. Naffah wrote:
hello Stephan,
On Sunday 21 December 2008 00:41:48 Stephan Koops wrote:
Hi Raif,
Another possibility to not require the browser login prompt is to
use an AJAX reqeust and set
Hi Raif,
I think it is good, if a developer could build a HTML application with
Restlet, where he could give a typical login HTML web page and the user
could login without the browsers HTTP authentication prompt (because you
can't design it and so on). In Servlet apps you typically use
hello Stephan,
my comments are in-lined.
On Friday 19 December 2008 19:49:12 Stephan Koops wrote:
Hi Raif,
I think it is good, if a developer could build a HTML application with
Restlet, where he could give a typical login HTML web page and the user
could login without the browsers HTTP
26 matches
Mail list logo