httpd-test-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Justin Erenkrantz <>
Subject Re: [PATCH] flood: basic user auth
Date Wed, 04 Sep 2002 17:43:51 GMT
On Wed, Sep 04, 2002 at 06:40:39PM +0200, Jacek Prucia wrote:
> <url user="Aladdin" password="open
> sesame">http://localhost:8080/auth</url>

To me, this seems a fair enough compromise for right now as it
seems some people really want this feature now.

> I can also prepare round-robin-auth.xml, but it would then require
> public resource protected (?) with well-known username and password.
> Maybe somebody can setup such a beast on ;) To be honest
> I was thinking about (yeah...
> this url is stupid... it is supposed to be just a proof of concept) with
> a bunch of files there. We could then demonstrate anything flood is

That's perfectly okay with me.  We can do all of that via .htaccess
configuration.  We can arrange for you to get the right access to
the repositories and servers to setup this area.

> capable of (regexp matches, failures, auth and this kind of stuff). With
> such setup changes in google responses wouldn't be that bad ;))

Yeah, it'd ensure that our examples don't break on us.  But, it's
kind of cool to use Google in the examples.  =)

> BTW: This patch kinda suck. The proper way to do this would be to define
> realms like this:
> <realm>
>    <name>test</name>
>    <user>foo</user>
>    <password>bar</password>
>    <!-- if somebody want to simulate typing -->
>    <delay>10</delay>
> </realm>

Not sure we'd want delay in the realm (that seems more like a
property of the URL not the auth realm), but yeah, I agree that
this makes better sense.  Yet, I don't see a need to hold up
adding basic user auth support for this (unless you want to
code it up first).

> ...and react to WWW-Authenticate header just like browsers and other
> tiny clients (like wget) do. And I think we want to mimic browser
> behaviour. OTOH this brings up other issue -- an url list where we can
> insert new urls in realtime (like is planned for 3xx responses), which
> needs a bit more work...

*sigh*  Yeah, that's one thing we've always thought about, but never
really implemented (allowing following of 3xx).  If you wish to
take a stab at it, be our guest.  Almost certainly, we'd have to
discuss it on-list first before coding it up.  -- justin

View raw message