On Mon, Feb 24, 2003 at 08:26:34AM -0800, Ben Collins-Sussman wrote:
>
> Ouch! Good point! At a minimum, our prompt provider needs to know
> the exact URL which is issuing the challenge, and tell the user. Wow.
>
Or some logical realm name, id, or something. I worry about URLs because
they are just references; there may be other lexically different and
semantically equivalent references. It is also possible (likely, in the case
of tunnelled HTTP connections) that the server's idea of its canonical
URL is different from the client's.
In addition to the realm name, we might also be interested in whether
the server has been somehow authenticated, and if so, how; there's no point
in sending our nice pretty credentials off to a Man-In-The-Middle.
--ben
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Mon Feb 24 15:51:20 2003