[prev in list] [next in list] [prev in thread] [next in thread] 

List:       kde-core-devel
Subject:    Authentication and kio_http
From:       Kurt Granroth <granroth () kde ! org>
Date:       2000-06-13 22:17:51
[Download RAW message or body]

There seems to be an "issue" with out kio_http authenticates.

Basically, the process goes like this:

1) kio_http access a page with no password.  The page returns a "401
   Unauthorized"
2) kio_http then either pops up a Password dialog or uses a stored
   value.  It sends the request for the page again.. this time with
   the authentication info.
3) The remote server returns the page
4) kio_http requests another page.. again with no password.  Return to
   1)

In other words, every request for a page that needs authentication
(either Basic or Digest) takes *two* requests.  Not only does this
seems like a waste of bandwidth, it is apparently causing problems.

One example is the Zope management system.  Zope, for the uninitiated
is made up of a bunch of web "objects" that return HTML formatted
pages.  When you access static objects, the process of asking twice
works fine.. albeit with twice as many requests as necessary.

However, the Zope system has some dynamic objects that return
different pages depending on the current state.  The state is
determined using cookies AND the authentication.

So, for instance, if you request the 'manage_workspace' object, Zope
will check the authentication to see if it should return 'manage_main'
or some other lesser page.  It is possible to call that object with
*no* authentication... it then returns the default page.

Do you see where this is going?  Well, with kio_http, the first
request never has any auth info.  The manage_workspace object accepts
it as that is a valid request.  However, it is NOT the request you
thought you were sending!

So this needs to be fixed.

Are there any http experts that know of a really quick fix for this?
I'm going to start investigating it... but if you beat me to the fix,
I'd appreciate it :-)
-- 
Kurt Granroth            | http://www.granroth.org
KDE Developer/Evangelist | SuSE Labs Open Source Developer
granroth@kde.org         | granroth@suse.com
           KDE -- Putting a Friendly Face on Unix

[prev in list] [next in list] [prev in thread] [next in thread]