httpd-test-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jacek Prucia <>
Subject Re: [PATCH] flood: basic user auth
Date Thu, 05 Sep 2002 15:48:51 GMT
On Wed, 4 Sep 2002 10:43:51 -0700
Justin Erenkrantz <> wrote:

> On Wed, Sep 04, 2002 at 06:40:39PM +0200, Jacek Prucia wrote:
> > <url user="Aladdin" password="open
> > sesame">http://localhost:8080/auth</url>
> To me, this seems a fair enough compromise for right now as it
> seems some people really want this feature now.

Yep, but this patch is borked. I found a few flaws in it (including
SEGV). A revised version is in the works. I'll post it here later.

> > I can also prepare round-robin-auth.xml,
> That's perfectly okay with me.  We can do all of that via .htaccess
> configuration.  We can arrange for you to get the right access to
> the repositories and servers to setup this area.

Cool. How about ?

> > capable of (regexp matches, failures, auth and this kind of stuff).
> > With such setup changes in google responses wouldn't be that bad ;))
> Yeah, it'd ensure that our examples don't break on us.  But, it's
> kind of cool to use Google in the examples.  =)

Agreed. I'll try to fix that Google regexp before we roll 1.0

> > <realm>
> >    <name>test</name>
> >    <user>foo</user>
> >    <password>bar</password>
> >    <!-- if somebody want to simulate typing -->
> >    <delay>10</delay>
> > </realm>
> Not sure we'd want delay in the realm (that seems more like a
> property of the URL not the auth realm),

So that we might mimic human behaviour. Typing a password with keyboard
takes time, doesn't it? But this is a bikesheed issue. We are far away
from flood beeing 'web capacity testing tool' and that feature is just
exactly for that type of testing. Moved down TODO list.

> *sigh*  Yeah, that's one thing we've always thought about, but never
> really implemented (allowing following of 3xx).  If you wish to
> take a stab at it, be our guest.  Almost certainly, we'd have to
> discuss it on-list first before coding it up.

Yep. I was thinking about treating all subsequent request kinda like
separate URL list. Just like a stack. Flood gets 3xx response -- it
makes a new temporary urllist and copies current URL and location from
response to it, does switch and goes on. If it needs to repeat that (401
or another 3xx) -- fine. When it hits 2xx type response it goes back to
url where fork has occured. Of course there are few issues to take care
about: time measure, detection of redirect loops and so on. Besides that
we have no way for farmer to switch urllist on the fly -- that would be
needed first. Does that makes sense?

Jacek Prucia S.A.

View raw message