httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ben Laurie <...@algroup.co.uk>
Subject Re: [NEWTOY] flow-00
Date Wed, 10 Jun 1998 19:24:15 GMT
Dean Gaudet wrote:
> 
> On Sun, 7 Jun 1998, Ben Laurie wrote:
> 
> > Dean Gaudet wrote:
> > > Too bad digest auth doesn't quite fit the entire mold.  The flow engine
> > > would have to do the digest calculations for each (affected) request in
> > > order to gain any benefits.  I was hoping to avoid the need to extend the
> > > code of the flow engine -- I want it to be exclusively data driven... oh
> > > well.
> >
> > The digest only changes when the nonce changes. Since the obvious thing
> > to do is to make nonces survive for a certain amount of time, the digest
> > could be cached until it expired, at which point the cache gets
> > discarded, a new nonce is generated (coincidentally) and when the
> > response comes back, the new response can be cached. Or am I missing
> > something?
> 
> The digest is a function of (username, password, nonce, Request-Method,
> Request-URI)... so we'd have to cache a digest for each user for each
> url... we couldn't share the auth pattern like we can for basic auth.
> Users tend not to re-request the same URL frequently enough for it to be
> worth the effort of saving their digest for that url.  That's why I was
> suggesting we'd have to calculate the digest on the fly.

Agreed.

Cheers,

Ben.

-- 
Ben Laurie            |Phone: +44 (181) 735 0686| Apache Group member
Freelance Consultant  |Fax:   +44 (181) 735 0689|http://www.apache.org/
and Technical Director|Email: ben@algroup.co.uk |
A.L. Digital Ltd,     |Apache-SSL author     http://www.apache-ssl.org/
London, England.      |"Apache: TDG" http://www.ora.com/catalog/apache/

WE'RE RECRUITING! http://www.aldigital.co.uk/recruit/

Mime
View raw message