Stories
Slash Boxes
Comments
NOTE: use Perl; is on undef hiatus. You can read content, but you can't post it. More info will be forthcoming forthcomingly.

All the Perl that's Practical to Extract and Report

use Perl Log In

Log In

[ Create a new account ]

Robrt (1414)

Robrt
  (email not shown publicly)

robert at perl dot org

Journal of Robrt (1414)

Saturday January 03, 2004
11:17 PM

will it stick?

[ #16616 ]

I just committed the shell of the Apache2 module to interact with the perl.org ducttape authentication system. Ask and I have been talking about replacing the system forever, but since it does the job, and we're already operating on negative tuits, there's no good reason.

In this process, I've determined that http authentication sucks, no matter which way you slice it. There is no complete in-band answer. We've got to support standard http requests, funky automated things for the RT CLI, DAV and SVN requests for subversion.

Basic auth. gets the job done, but there's no way to log-out, the prompts are very vague, and it's plaintext without SSL.

ducttape is a cookie based system (not for protecting nuclear reactors), and if the authorization fails, you get redirected elsewhere to login and redirected back. automated clients like SVN and rt-cli will totally barf on a pretty login screen, which means they can't use this, and will have to fall back to a different system. (Which means i need to support two systems.. one for "people", and one for "machines".)

Why can't we all just use gopher?

The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
 Full
 Abbreviated
 Hidden
More | Login | Reply
Loading... please wait.