Monday, April 2, 2007

digest authentication in CherryPy

Apache already has mod_digest (and mod_ldap), and IMHO it is better to delegate security to Apache (rather than re-implement digest in CherryPy). Also, it might be safer to _configure_ security declaratively than code it.

Has anyone deployed CherryPy behind mod_digest (or mod_ldap), and retrieved the "Authorization-Info"?

Or is it the wrong question? I am trying to draw a parallel with MS IIS, where it is possible to set Directory Security to "Windows Integrated". The CGI or ASP pages retrieve the "authenticated user" server variable, or headers.

When deploying CherryPy (3.0.1) behind Apache (Apache/1.3.33-Darwin with mod_digest and mod_proxy), CherryPy only receives these headers, and there is no username...

Request Headers:
X-FORWARDED-SERVER: local
REFERER: http://local/index
ACCEPT-LANGUAGE: en
HOST: localhost:8080
ACCEPT: */*
USER-AGENT: Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en) AppleWebKit/419 (KHTML, like Gecko) Safari/419.3
CONNECTION: close
Remote-Addr: 127.0.0.1
X-FORWARDED-HOST: local
X-FORWARDED-FOR: 192.168.255.3
ACCEPT-ENCODING: gzip, deflate
