[nycphp-talk] NEW PHundamentals Question - HTTP Authentication
Dan Cech
dcech at phpwerx.net
Thu Nov 4 12:51:19 EST 2004
csnyder wrote:
> If PHPWiki used HTTP authentication, then team members could use a
> Newsreader to keep an eye on recent edits, because they could embed
> the login information in the URL:
>
> http://username:password@intranet/wiki/index.php/RecentChanges?format=rss
>
> But since PHPWiki authenticates via an HTML form, there's nothing they
> can do. So I guess I won't call this a silly feature anymore.
Yep, this is a great way to keep track of stuff, and a good reason for
HTTP Auth, at least for those readers which support it.
Right now Thunderbird supports embedding Login information in feed URIs,
which is great, however to be secure when using HTTP auth you really
should use HTTPS, which isn't supported in Thunderbird.
You can view more information about this bug here:
https://bugzilla.mozilla.org/show_bug.cgi?id=254231
Another situation where supporting HTTP Auth is advantageous is for web
services like XMLRPC. I recently implemented an XMLRPC server which
could use either the typical session based logins (ie you request
system.login first with your credentials then use the returned session
id for future requests), or HTTP Auth for single requests.
Dan
> chris.
More information about the talk
mailing list