httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Dean Gaudet <dgau...@arctic.org>
Subject Re: [NEWTOY] flow-00
Date Mon, 08 Jun 1998 05:21:02 GMT


On Sun, 7 Jun 1998, Ben Laurie wrote:

> Dean Gaudet wrote:
> > Too bad digest auth doesn't quite fit the entire mold.  The flow engine
> > would have to do the digest calculations for each (affected) request in
> > order to gain any benefits.  I was hoping to avoid the need to extend the
> > code of the flow engine -- I want it to be exclusively data driven... oh
> > well.
> 
> The digest only changes when the nonce changes. Since the obvious thing
> to do is to make nonces survive for a certain amount of time, the digest
> could be cached until it expired, at which point the cache gets
> discarded, a new nonce is generated (coincidentally) and when the
> response comes back, the new response can be cached. Or am I missing
> something?

The digest is a function of (username, password, nonce, Request-Method,
Request-URI)... so we'd have to cache a digest for each user for each
url... we couldn't share the auth pattern like we can for basic auth. 
Users tend not to re-request the same URL frequently enough for it to be
worth the effort of saving their digest for that url.  That's why I was
suggesting we'd have to calculate the digest on the fly.

Dean



Mime
View raw message