Ticket #2 (defect)
Opened 10 years ago
Last modified 10 years ago
delegate digest authentication to apache / lighttpd / squid
Status: closed (invalid)
|Reported by:||firstname.lastname@example.org||Assigned to:||somebody|
Apache already has mod_digest (and mod_ldap), and IMHO it is better to delegate security to Apache (rather than re-implement digest in CherryPy). Also, it might be safer to _configure_ security declaratively than code it.
Has anyone deployed CherrPy? behind mod_digest (or mod_ldap), and retrieved the "Authorization-Info" ?
Or, is it a wrong question? I am trying a parallel with MS IIS , where is possible to set Directory Security to "Windows Integrated". The CGI or ASP pages retrieve the "authenticated user" server variable, or headers.
X-FORWARDED-SERVER: local REFERER: http://local/index ACCEPT-LANGUAGE: en HOST: localhost:8080 ACCEPT: */* USER-AGENT: Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en) AppleWebKit/419 (KHTML, like Gecko) Safari/419.3 CONNECTION: close Remote-Addr: 127.0.0.1 X-FORWARDED-HOST: local X-FORWARDED-FOR: 192.168.255.3 ACCEPT-ENCODING: gzip, deflate
04/02/07 18:45:52: Modified by fumanchu
- status changed from new to closed.
- resolution set to invalid.