On Sunday 22 January 2006 11:34, Phillip J. Eby wrote:
> >Is Zope the only WSGI application that performs authentication
> >itself?
>
> I think Zope is the only WSGI application that cares about communicating
> this information back to the web server's logs.  :)  Or at least, the only
> one whose author has said so.  :)

Well, I originally worked with Itamar and James on the Twisted integration 
into Zope 3, when we noticed this problem.

> Perhaps an "X-Authenticated-User: foo" header could be added in a future
> spec version?  (And as an optional feature in the current PEP.)  This seems
> a simpler way to incorporate the feature than adding an extension API to
> environ.

We originally considered and even implemented the suggestions you made, but 
considered it a security problem and dismissed it. And a "convention" is not 
really a viable solution either, since it defeats the point of a non-specific 
API, like WSGI.

We thought about the problem quite a bit and decided that the user is really 
the only thing that the log really has to know from the application. So a 
simple callback that expects a simple string would be just fine.

Regards,
Stephan
-- 
Stephan Richter
CBU Physics & Chemistry (B.S.) / Tufts Physics (Ph.D. student)
Web2k - Web Software Design, Development and Training
_______________________________________________
Web-SIG mailing list
Web-SIG@python.org
Web SIG: http://www.python.org/sigs/web-sig
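
A sketch of the callback approach described in the message above, as an added example that is not part of the original post, Zope, Twisted or the WSGI spec: the server side places a callable in environ, the application hands it the user name as a plain string, and the name reaches the access log without appearing in any response header. The environ key `example.log_user`, the class and function names, and the character filtering are assumptions made for this example.

```python
import io
import re

LOG_USER_KEY = "example.log_user"  # hypothetical environ key, not from any spec
_UNSAFE = re.compile(r'[\x00-\x20\x7f"]')  # control characters, space, double quote


class UserLoggingServer:
    """Stand-in for the server side: wraps an app, writes one log line per request."""

    def __init__(self, app, log):
        self.app = app
        self.log = log

    def __call__(self, environ, start_response):
        state = {"user": "-", "status": "-"}

        def log_user(name):
            # Accept only a non-empty plain string; filter it so one request
            # can never produce more than one log line or extra fields.
            if isinstance(name, str) and name:
                state["user"] = _UNSAFE.sub("_", name)[:64]

        def logging_start_response(status, headers, exc_info=None):
            state["status"] = status.split(" ", 1)[0]
            return start_response(status, headers, exc_info)

        environ[LOG_USER_KEY] = log_user
        result = self.app(environ, logging_start_response)
        try:
            yield from result
        finally:
            if hasattr(result, "close"):
                result.close()
            self.log.write('%s %s "%s %s" %s\n' % (
                environ.get("REMOTE_ADDR", "-"), state["user"],
                environ.get("REQUEST_METHOD", "-"),
                environ.get("PATH_INFO", "-"), state["status"]))


def demo_app(environ, start_response):
    # Constructed app that authenticates on its own and reports the name.
    environ[LOG_USER_KEY]("alice\r\n10.0.0.9 root")  # constructed name with a line break
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [b"hello"]


def run_demo():
    log, sent = io.StringIO(), []
    environ = {"REMOTE_ADDR": "192.0.2.10", "REQUEST_METHOD": "GET", "PATH_INFO": "/private"}
    server = UserLoggingServer(demo_app, log)
    body = b"".join(server(environ, lambda s, h, e=None: sent.extend(h)))
    return body, sent, log.getvalue()
```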