httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Greg Stein <>
Subject Re: auth stuff still broken
Date Tue, 17 Sep 2002 18:19:53 GMT
On Tue, Sep 17, 2002 at 10:26:02AM -0700, Aaron Bannert wrote:
> On Tue, Sep 17, 2002 at 01:00:44PM -0400, Ryan Bloom wrote:
> > > Does that make any sense?  I'm certain you will have users misconfigure
> > > the 'backstop' modules (_default flavors) resulting in insecure servers.
> > > If the 'backstop' _default auth handlers are always loaded as part of the
> > > core mod_auth, users will have far fewer problems.
> > 
> > I almost like this, but I wouldn't put it mod_auth.  I would put them in
> > the core.  The core server has always been the location for our default
> > functions.
> +1 for the core, or at least a module that's always statically compiled
> (which is easy to do with the .m4 macros we have).

Well... as long as "core" means modules/http/.

But since our running of auth hooks comes from server/, then this stuff
could prolly go there as well. IMO, it sucks that our "core" server knows
about HTTP authentication and authorization.

In general: sure, this stuff makes some sense in the core rather than
default modules.


Greg Stein,

View raw message