Article:
 Atom Authentication
Subject: Setting up the server auth.
Date: 2004-01-06 04:18:44
From: simon kittle

I know I must be being incredibly stupid, but say I'm Bob. How do I set up the server to require WSSE authentication in the first place?


You state: "But this request didn't include any authentication information. The server responds with an HTTP 401 Unauthorized:"


How does Bob set up the server to request any authentication at all, rather than just serving files? Surely that requires an .htaccess as well?



And on this point, would it not be possible to use a similar scheme to add authentication at the CGI level, without any server involvement?


The credentials are passed to a CGI which is simply served in the standard way. If the password was wrong the CGI would print a message and exit, refusing to do anything. Obviously it doesn't protect all the other files in the directory, and it's open to attack via bugs in the CGI, but it may be useful in some circumstances.




  • Setting up the server auth.
    2004-01-06 21:13:21 Mark Pilgrim

    There is a good example of this in XML::Atom, Ben Trott's Perl implementation of the Atom API. It includes a skeleton server that handles the API (including authentication), with hooks to build the rest of your application on top. It can run as a CGI in a non-.htaccess environment. Check it out.


    http://search.cpan.org/~btrott/XML-Atom-0.05/

    • Setting up the server auth.
      2004-01-08 12:46:57 simon kittle

      Thanks for that, it's interesting.


      But it does mean the authentication happens at the CGI level, right?


      I think I was confused because you said "the server will return 401" and I guess I assumed the web server, but presumably you were meaning the CGI-based Atom server, right?


      I just wanted to get this clear because obviously that would mean no other files in that specific directory are protected.





      • Setting up the server auth.
        2007-04-10 11:21:36 Robert_Hayden

        I don't think this tries to protect any files on the web server; I think this authentication only keeps the CGI script from doing things that someone other than Bob asks it to do.


        I believe the CGI script actually sends the 401 header.
        When the Atom client responds, the meat of its response is in the X-WSSE header which Apache passes to the CGI script.
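
The CGI-level check this thread describes, as an added Python example that is not part of any post above and is not XML::Atom's code: the script reads the X-WSSE header from the `HTTP_X_WSSE` environment variable, verifies the UsernameToken digest, and otherwise sends the 401 itself. Assumptions: the digest is Base64(SHA1(Nonce + Created + Password)) computed over the nonce string exactly as sent; the realm, credential store, five-minute window and in-memory nonce cache are constructed for illustration.

```python
import base64, hashlib, hmac, re
from datetime import datetime, timedelta, timezone

USERS = {"bob": "example-password"}  # constructed sample credential store
MAX_SKEW = timedelta(minutes=5)      # assumed freshness window for Created
SEEN_NONCES = set()                  # replay cache; a real CGI must persist this between requests

# What the CGI prints when check_wsse() returns None (realm name is a placeholder).
CHALLENGE = ('Status: 401 Unauthorized\r\n'
             'WWW-Authenticate: WSSE realm="example", profile="UsernameToken"\r\n\r\n')

def wsse_digest(nonce, created, password):
    """Base64(SHA1(Nonce + Created + Password)), nonce used as sent (assumption)."""
    raw = (nonce + created + password).encode("utf-8")
    return base64.b64encode(hashlib.sha1(raw).digest()).decode("ascii")

def check_wsse(environ, now=None):
    """Return the authenticated username, or None if the CGI should send CHALLENGE."""
    header = environ.get("HTTP_X_WSSE", "")  # the web server passes X-WSSE through under this name
    if not header.startswith("UsernameToken "):
        return None
    fields = dict(re.findall(r'(\w+)="([^"]*)"', header))
    try:
        user, digest = fields["Username"], fields["PasswordDigest"]
        nonce, created = fields["Nonce"], fields["Created"]
        stamp = datetime.strptime(created, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    except (KeyError, ValueError):
        return None                          # missing field or malformed timestamp
    now = now or datetime.now(timezone.utc)
    if abs(now - stamp) > MAX_SKEW:
        return None                          # stale or future-dated token
    if (user, nonce) in SEEN_NONCES:
        return None                          # replay of a token already accepted
    password = USERS.get(user)
    if password is None:
        return None                          # unknown user
    expected = wsse_digest(nonce, created, password)
    if not hmac.compare_digest(expected.encode("utf-8"), digest.encode("utf-8")):
        return None                          # wrong password (constant-time comparison)
    SEEN_NONCES.add((user, nonce))           # record the nonce only after a successful check
    return user
```

Because the server has to recompute the digest, it needs the password in a recoverable form, and as noted in the thread this check guards only what the script does, not other files in the directory.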

