Magnus Lie Hetland <[EMAIL PROTECTED]> wrote: > >After our previous discussion about http authentication, I decided to >go with mod_auth_pgsql -- and it works just fine, together with a >Location entry in httpd.conf (which specifies the path including >WebKit.cgi). Now I don't have to think about the password handling >beyond having a proper table in my database (which I'll be using >anyway). Seems like a nice solution to me.
This reminds me of what you can do with Apache Tomcat and Java servlets. With that product, it's possible to set up a "realm" which uses a particular authentication mechanism (file, JDBC, LDAP via JNDI), but an interesting thing with recent servlet developments is that you can specify a login form in your application's "deployment descriptor" (I suppose this is a bit like a "Location" section in vanilla Apache) which automatically appears if a user enters a protected zone. This login form uses standard field names which are then automatically validated against a realm by Tomcat itself and, subject to the response from the realm, a redirect to either an error page or the original page to be visited occurs. Effectively, it's basic authentication without the login window (and presumably with session trickery going on behind the scenes), but it seems quite nice and is potentially something like Magnus could use... or implement in Webware? ;-) Paul -- Get your firstname@lastname email at http://Nameplanet.com/?su _______________________________________________ Webware-discuss mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/webware-discuss
