hc-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Roland Weber <http-as...@dubioso.net>
Subject Re: [HttpConn] connection management
Date Sat, 06 Jan 2007 22:26:26 GMT
Hi Robert,

> As far as I understand it, yes as long as that connection is open
> all resources transferred are considered authenticated.


> NTLM is problematic since it works very differently from how http is
> supposed to work. NTLM keeps state, http does not.
> The only way I have managed to get my proxy to handle NTLM connections
> between the real server and the real client is to switch the proxy
> to a dumb tunnel when NTLM is negotiated (otherwise another client might
> reuse the same server connection and be authenticated). For a
> proxy any accidental authentication inheriting is very bad, for a normal
> browser/tool it is probably ok.

For a browser it doesn't matter because it's acting for a single
user. I'm not sure how we handle this in HttpClient right now.
But I sure don't want that to happen accidentally in 4.0.

> I suspect that there are lots of proxies that have problems when the
> real server tries to use NTLM.

The NTLM levels we can support are better not used outside
of an intranet anyway ;-)


To unsubscribe, e-mail: httpcomponents-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: httpcomponents-dev-help@jakarta.apache.org

View raw message