httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Rob Hartill <>
Subject Re: PUT authoring
Date Mon, 17 Jun 1996 16:17:21 GMT

okay, I obviously didn't absorb the problems you listed last week.
I still think skey is a good first line of defense in this PUT system..
you could make the server side of the sytem bulletproof but if it's easy
to spoof the authorization (which basic auth is vulnerable to) then it's
no longer bulletproof.

> If you want to write an S/Key auth module, don't take this as
> discouragement; it might very well be an excellent thing to have.

yup, mod_auth_skey  could be very useful in general. It could also be
used in pay-per-view systems where the user is given a fixed number of
passwords (an skey feature) to limit the number of requests they can


View raw message