[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: auth cache (was: svn commit: rev 5006 ...)

From: mark benedetto king <mbk_at_boredom.org>
Date: 2003-02-24 15:50:24 CET

On Mon, Feb 24, 2003 at 08:26:34AM -0800, Ben Collins-Sussman wrote:
>
> Ouch! Good point! At a minimum, our prompt provider needs to know
> the exact URL which is issuing the challenge, and tell the user. Wow.
>

Or some logical realm name, id, or something. I worry about URLs because
they are just references; there may be other lexically different and
semantically equivalent references. It is also possible (likely, in the case
of tunnelled HTTP connections) that the server's idea of its canonical
URL is different from the client's.

In addition to the realm name, we might also be interested in whether
the server has been somehow authenticated, and if so, how; there's no point
in sending our nice pretty credentials off to a Man-In-The-Middle.

--ben

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Mon Feb 24 15:51:20 2003

This is an archived mail posted to the Subversion Dev mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.