httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ras...@madhaus.utcs.utoronto.ca
Subject Re: PUT handler spec?
Date Fri, 05 Jul 1996 19:11:53 GMT
Seems like a lot of tricks to do what really should be a simple thing.

How about something like:

- Browser sends a PUT request with a URI
- Server sees the PUT request and automatically asks for authentication
- Browser sends authentication username and password
- Server authenticates through the normal mechanism
    if authenticated, server looks at owner of URI, or if not present,
    the owner of the directory.  If authenticated user does not match
    this owner, FAIL, otherwise, go ahead and replace/create the URI

This would seem to me to be a secure way of doing things.  You wouldn't
be able to step on other peoples' files, unless you knew their http
authentication password.  Could this not simply be an extension of the
existing auth modules?

-Rasmus

Mime
View raw message