Michal Wallace wrote: > On Tue, 24 Jan 2006, Jim Fulton wrote: > ...
> Maybe I just don't understand why this is > important. Can someone (Jim) explain why this > is a requirement in the first place? We do our own authentication for lots of reasons, including: - Zope can provide user and group management facilities that are convenient to use, - Zope can integrate with external systems that haven't been integrated with the server, - Zope can use authentication schemes that the server may not support. History has shown us that many users find this useful. If Zope performs authentication, then we'd like the authentication to show up in the access logs. People sometimes use Zope behind another web server, but often people don't. When they don't and are using Zope with Zserver (medusa) or Twisted, then it should be possible to give ZServer or Twisted the information to log appropriately. If this isn't possible with WSGI, then we can write out own access logs. I'd prefer not to have to do that because the times included in any access logs we write won't be accurate, as the request as seen by the web client will end later than the time we're done with the request. Jim -- Jim Fulton mailto:[EMAIL PROTECTED] Python Powered! CTO (540) 361-1714 http://www.python.org Zope Corporation http://www.zope.com http://www.zope.org _______________________________________________ Web-SIG mailing list Web-SIG@python.org Web SIG: http://www.python.org/sigs/web-sig Unsubscribe: http://mail.python.org/mailman/options/web-sig/archive%40mail-archive.com
