CGI/1.0: last call

ts (decoux@moulon.inra.fr)
Sat, 11 Dec 93 11:50:39 +0100

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Marc Andreessen: "NCSA Mosaic for X 2.1 available"
Previous message: Marc Andreessen: "Re: inline sounds"
Next in thread: Ari Luotonen: "Re: CGI/1.0: last call"

> Interesting. I just returned from a meeting where various security
> experts impressed on me just how bad an idea that is, as it increases
> the amount of code in the "Trusted Computing Base" unmanageably. They
> felt that such a system could never be rated secure.

You are right. But the problem is : authentication protocol of WWW (a la
un*x) is perhaps good enough for HTTP/0.9, but is not adapted for HTTP/1.0
particulary for method PUT, POST, DELETE.

Actually I prefer write a script with a better authentication rather than
use WWW to do it.

Put under "/htauth" specific scripts for authentication and don't use
this basic authentication protocol.

Guy Decoux

Next message: Marc Andreessen: "NCSA Mosaic for X 2.1 available"
Previous message: Marc Andreessen: "Re: inline sounds"
Next in thread: Ari Luotonen: "Re: CGI/1.0: last call"