httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Brian Behlendorf <br...@wired.com>
Subject Re: Logging of remote_user
Date Tue, 04 Apr 1995 17:42:50 GMT
On Tue, 4 Apr 1995, David Robinson wrote:
> Currently httpd only logs any username for protected documents. How do folks
> feel about my changing this so that it logs any remote username sent by the
> client (as part of authentication data), even if the document being
> accessed was not protected?
> 
> I've found another bug in the handling of the user information, and it might
> be convenient to change the logging in the manner I described.

It should only record it for protected documents.  Some browsers are 
"promiscuous" and send authentication info even for resources not under 
authentication, and that behavior shouldn't be rewarded or recognized. 
Besides, when I was learning how to set up access control it was a very 
good way to know I was doing things right - adding ambiguity there would 
have been confusing.

	Brian

--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--
brian@hotwired.com  brian@hyperreal.com  http://www.hotwired.com/Staff/brian/


Mime
View raw message