httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Dirk.vanGulik" <Dirk.vanGu...@jrc.it>
Subject Re: PUT authoring
Date Tue, 18 Jun 1996 06:40:52 GMT

 
> Just a thought... is there a way to use "skey" to make authoring
> secure? If apache could send back a challenge, the user can (outside
> of the browser) generate the correct one-time-password and send that along
> with the PUT. No unique one-time-password and the PUT is rejected... much
> simpler than anything I've seen discussed so far.
> 
> It'd take some work to get apache ready for this, but the end result
> is much cleaner.
> 
> A netscape skey 'plug-in' could make this very slick.

We plugged this in at some stage in the plain mod_auth.c module; but it
turned out to be a pain; the challenge was put in the Realm string; which
very often got cached by proxies :-(

Dw.


Mime
View raw message