Setting up the server auth.

Article:
Atom Authentication

Subject: Setting up the server auth.

Date: 2004-01-06 04:18:44

From: simon kittle

I know I must be being incredibly stupid, but say I'm Bob. How do I setup the server to require WSSE authentication in the first place ?

You state: "But this request didn't include any authentication information. The server responds with an HTTP 401 Unauthorized:"

How does Bob setup the server to request any authentication at all, rather than just serving files? Surely that requires an .htaccess as well?

And on this point, would it not be possible to use a similar scheme to add authentication at the CGI level, without any server involvement?

The credentials are passed to a CGI which is simply served in the standard way. If the password was wrong the CGI would print a message and exit, refusing to do anything. Obviously it doesn't protect all the other files in the directory, and it's open to attack via bugs in the CGI, but it may be useful in some circumstances.

Previous Message Next Message

Titles Only

Full Threads

Newest First

Setting up the server auth.
2004-01-06 21:13:21 Mark Pilgrim [Reply]

There is a good example of this in XML::Atom, Ben Trott's Perl implementation of the Atom API. It includes a skeleton server that handles the API (including authentication), with hooks to build the rest of your application on top. It can run as a CGI in a non-.htaccess environment. Check it out.

http://search.cpan.org/~btrott/XML-Atom-0.05/