httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Dirk-Willem van Gulik <di...@webweaving.org>
Subject Re: FakeBasicAuth - a howto anywhere?
Date Thu, 27 Jan 2005 18:28:12 GMT


On Thu, 27 Jan 2005, Jim Jagielski wrote:

> As you know, all FakeBasicAuth is "preload" the auth info; it still
> requires that authentication itself take place. So the way around it is
> to enable anon auth which accepts "anything" as valid. Of course, that's
> not too secure. So some sort of special purpose auth module, which is
> FakeBasicAuth awareish is required.

Right you -really- want to also have an SSLRequire in place ! or
alternatively we have a small module in the company which simply filles
out the c->user from the the SSL env() info - whcih sometimes is needed
when there is a rewrite/internal_redirect causing the Auth header to go
awol..

Dw

Mime
View raw message