[prev in list] [next in list] [prev in thread] [next in thread] 

List:       kfm-devel
Subject:    Re: kio's http authentication code
From:       Waldo Bastian <bastian () kde ! org>
Date:       2000-04-26 18:12:47
[Download RAW message or body]

kfm-devel readers: Please CC: to the original author when responding.

On Wed, 26 Apr 2000, you wrote:
> Hi,
>
>   I "stole" your http authentication code for use in my SIP
> implementation (kdenonbeta/dissipate).  I have some concerns about your
> (?) implementation of HTTP digest authentication.

Well, I didn't write that part. And actually I have no idea what is does / 
how it works. I'll forward your questions to the kfm-devel@kde.org 
mailinglist. You might want to subscribe to that one.

>   You can see my first go at fixing up the digest function by looking at
> kdenonbeta/dissipate/sipprotocol.cpp.  Changes I'd like to make are:
>
>  - only use qop if the remote end supports it!  Many hosts do not yet
>    implement the new rfc.
>  - random cnonce, and incrementing the nonce count.  a random cnonce is
>    useful for security (otherwise it's useless), and using nonce-count
>    can greatly speed up a session.
>  - you need to pass the method into the authentication code.  Not
>    everything is a GET request.
>
>   I also changed the digest code to act on QStrings directly, which in my
> implementation is useful.
>
>   Are you interested in these changes for kio/http?

Yes.

>   It it ok that my code took your code?  

Sure, that's what open source is about.

> How can I better acknowledge this?

You could add something like "based on kio_http code by ..." in the header of 
your source file, I believe Alex Zepeda wrote the authentication stuff, not 
sure though.

Cheers,
Waldo

[prev in list] [next in list] [prev in thread] [next in thread]