Yes, but you won't send your credentials in plane text as you do with CookieCrumble, will you?

Well, its more or less exactly the same as with BasicAuth :-)
(base64 plaintext vs. plaintext in html forms does not really matter)
Yes, but if you set only the authentication header in https and manually came back to http, then will you send your password in plain text?


----------------------------------------------------------
https://some_url/folder1/index_html

GET /folder1/index_html HTTP/1.1
Host: some_ip
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; de; rv:1.8.0.4) Gecko/20060508 Firefox/1.5.0.4 Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Language: de-de,de;q=0.8,en-us;q=0.5,en;q=0.3
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Authorization: Basic YWRtaW46Zm9vcGFzcw==

HTTP/1.x 200 OK
Date: Fri, 23 Jun 2006 12:02:34 GMT
Server: Zope/(Zope 2.7.8-final, python 2.3.5, linux2) ZServer/1.1
Content-Length: 156
Content-Type: text/html
X-Zopeuser: admin
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
----------------------------------------------------------

nice password btw ;)
Yes, a test password off course ;-). Will this being sent encrypted?

_______________________________________________
Zope maillist  -  Zope@zope.org
http://mail.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists - http://mail.zope.org/mailman/listinfo/zope-announce
http://mail.zope.org/mailman/listinfo/zope-dev )

Reply via email to