Subject: Re: Canonical sources for information
From: Sam Ruby
To: infrastructure-dev@apache.org
Date: Tue, 28 May 2013 18:11:53 -0400

On Tue, May 28, 2013 at 5:55 PM, Tony Stevenson wrote:
>
> On 28 May 2013, at 21:50, Alan Cabrera wrote:
>>>
>>> This requires an LDAP login, which means the code probably cannot be
>>> safely automated to run on a shared host, as the password would need
>>> to be stored somewhere.
>>>
>>> Would it be possible to provide access to the public information
>>> without requiring a login?
>>
>> How about returning just public information when credentials are not supplied and returning full information if credentials are supplied?
>
> The issue here is that your credentials are used to bind to LDAP to collect this data, AIUI.

Actually, I don't believe so. Anybody with shell access to certain machines can obtain this data (read only). This includes role accounts, including the one used by the web server.

Given the way HTTP authentication works, it probably would be best if we want to provide an unauthenticated service that we do so with a separate URI.

- Sam Ruby
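One reading of the closing point about HTTP authentication, as an added example that is not part of the thread or of any ASF service: a stock client that answers a 401 challenge never sends its credentials to a URI that also serves anonymous requests, whereas separate public and private URIs behave predictably. The paths, data and credentials below are constructed for illustration.

```python
import base64, json, threading, urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer
# Constructed sample data and credentials; the three paths are hypothetical.
PUBLIC = {"id": "jdoe", "name": "J. Doe"}
FULL = dict(PUBLIC, email="jdoe@example.org")
USER, PASSWORD = "jdoe", "constructed-password"
EXPECTED = "Basic " + base64.b64encode(f"{USER}:{PASSWORD}".encode()).decode()

class Handler(BaseHTTPRequestHandler):
    def log_message(self, *args): pass  # keep the demo quiet

    def reply(self, status, body, challenge=False):
        data = json.dumps(body).encode()
        self.send_response(status)
        if challenge:
            self.send_header("WWW-Authenticate", 'Basic realm="roster"')
        self.send_header("Content-Length", str(len(data)))
        self.end_headers()
        self.wfile.write(data)

    def do_GET(self):
        authed = self.headers.get("Authorization") == EXPECTED
        if self.path == "/mixed":        # one URI, credentials optional
            self.reply(200, FULL if authed else PUBLIC)
        elif self.path == "/public":     # unauthenticated service
            self.reply(200, PUBLIC)
        elif self.path == "/private" and authed:
            self.reply(200, FULL)
        elif self.path == "/private":    # no valid credentials: challenge
            self.reply(401, {"error": "login required"}, challenge=True)
        else:
            self.send_error(404)

def fetch(path, with_credentials):
    """GET path from a throwaway loopback server using a stock urllib client."""
    server = HTTPServer(("127.0.0.1", 0), Handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    base = f"http://127.0.0.1:{server.server_port}"
    handlers = [urllib.request.ProxyHandler({})]  # ignore proxy env variables
    if with_credentials:
        mgr = urllib.request.HTTPPasswordMgrWithDefaultRealm()
        mgr.add_password(None, base, USER, PASSWORD)
        handlers.append(urllib.request.HTTPBasicAuthHandler(mgr))
    try:
        with urllib.request.build_opener(*handlers).open(base + path, timeout=5) as r:
            return json.load(r)
    finally:
        server.shutdown()
        server.server_close()
```

`fetch("/mixed", True)` returns only the public record even though the client holds valid credentials, because the server never issues the challenge that would prompt the client to send them.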