Re: auth cache (was: svn commit: rev 5006 ...)

From: mark benedetto king <mbk_at_boredom.org>
Date: 2003-02-24 15:50:24 CET

On Mon, Feb 24, 2003 at 08:26:34AM -0800, Ben Collins-Sussman wrote:
>
> Ouch! Good point! At a minimum, our prompt provider needs to know
> the exact URL which is issuing the challenge, and tell the user. Wow.
>

Or some logical realm name, id, or something. I worry about URLs because
they are just references; there may be other lexically different and
semantically equivalent references. It is also possible (likely, in the case
of tunnelled HTTP connections) that the server's idea of its canonical
URL is different from the client's.

In addition to the realm name, we might also be interested in whether
the server has been somehow authenticated, and if so, how; there's no point
in sending our nice pretty credentials off to a Man-In-The-Middle.

--ben

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Mon Feb 24 15:51:20 2003

This message: [ Message body ]
Next message: David Waite: "Re: auth cache"
Previous message: Ben Collins-Sussman: "Re: auth cache (was: svn commit: rev 5006 ...)"
In reply to: Ben Collins-Sussman: "Re: auth cache (was: svn commit: rev 5006 ...)"
Next in thread: Greg Stein: "Re: auth cache (was: svn commit: rev 5006 ...)"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]