Scrive DZ-Jay <[EMAIL PROTECTED]>:
> (Sorry for my last message, I click "Send" before I wrote anything on it!)
No problem :-)
> Maurizio Lotauro wrote:
> > Are you sure? I quickly reread the rfc and it say that more that one
> > could be specified in the header, but a challenge is defined as
> > challenge = auth-scheme 1*SP 1#auth-param
> Yes, I am sure. It says that the "auth-scheme" token must be at least
> one valid authentication mechanism,
What I mean was, if the rfc say that more thatn one challenge can be
specified, and a challenge is defined as above, then I interpreted it as:
WWW-Authenticate: digest realm="...", nonce="...", ... basic realm="..."
> and specifies that they should be listed in the order of preference.
Where is specified?
> > In any case the realm is defined as quoted-string but in the above header
> > written without quote.
> In my example, it was (realm="foo"). It refers to the value of the
> realm, which must be a quoted-string, not the parameter name itself.
I'm referring to the trace wrote from SZ in the first message.
> > As side note, the THttpCli doesn't expect more than one challenge per
> > How often is used from servers to specify more that one challenge per
> I don't think it is very often. I mean, for example, if you require
> Digest, why would you allow Basic? And more often than not, clients
> merely support Basic and nothing else, except in proprietary
> environments, in which case, you then specify the *only* mechanism that
> you will support.
There are other authentication, not only Digest, NTLM and Basic.
I personally I don't consider the Basic an authentication ;-)
> But still, it is specified in the RFC, and even emphasized on a side
> note as a caveat, so I believe it should be implemented, just to be
> fully compliant. Eventually. :)
Of course. I'm not sure but it is possible that it doesn't consider that an
header can continue in a new line.
So the conclusion is that the header parsing need a revision :-)
This mail has been sent using Alpikom webmail system
To unsubscribe or change your settings for TWSocket mailing list
please goto http://www.elists.org/mailman/listinfo/twsocket
Visit our website at http://www.overbyte.be