[Io] Re: Web Clients (was Re: Monticello authentication methods?)

Todd Blanchard tblanchard at mac.com
Thu Sep 14 23:37:14 UTC 2006 

Ah, OK.  I just hate to see someone put time into rewriting the  
current HTTPSocket when we have free code lying around.  Especially  
since fixing the socket won't likely get us support for proxies,  
cookies, auth, and all that other web content stuff browsers do  
nowadays.

I'm a little busy just now but I have had a chance to look over the  
libraries in detail recently - perhaps I'll just make an executive  
decision and do it soon.

-Todd

On Sep 14, 2006, at 4:32 PM, Ken Causey wrote:

> On Thu, 2006-09-14 at 16:16 -0700, Todd Blanchard wrote:
>> Oh, I thought we had decided on the HC client.   Although, I confess
>> I've been looking at both.  Would the right thing to do be to just
>> pick one and replace the existing HTTPSocket implementation with it?
>
> I think anyone who provides a finished solution that is any  
> appreciable
> amount better than the current solution will be welcomed.  If you have
> an interest in putting the time into it then I applaud you and will
> likely support any solution you come up with.
>
>> I really would like to see HTTPSocket die and I'm sorry I didn't
>> follow through on that last spring.  For some reason I thought you
>> were talking with the author of one or the other packages and getting
>> clearance for inclusion.
>
> No need to apologize, it doesn't appear that any of the rest of us  
> have
> put forth any more time or effort into this issue.  I think though if
> you go back to the discussion in April
>
> http://lists.squeakfoundation.org/pipermail/io/2006-April/date.html
>
> you will find that the clearance was provided
>
> http://lists.squeakfoundation.org/pipermail/io/2006-April/000105.html
>
> and if you drill down to the current release it lists SqueakL as the
> license
>
> http://map.squeak.org/package/8644a5ff-923c-438f-b5b0-a281de346040/ 
> autoversion/1
>
> Let me note however that I merely pursued this to remove that  
> particular
> impediment to it being considered along with the other options.  I
> didn't evaluate it any further and certainly did not mean to indicate
> that I preferred it above any of the other solutions.
>
> Ken
>
>>
>> On Sep 14, 2006, at 8:58 AM, Ken Causey wrote:
>>
>>> There was discussion of replacing it within the IO team, but  
>>> never any
>>> decision as to what to replace it with.  That was back in April and
>>> there's been no further discussion or action since then that I'm  
>>> aware
>>> of.
>>>
>>> Ken
>>>
>>> On Thu, 2006-09-14 at 01:23 -0700, Todd Blanchard wrote:
>>>> I was under the impression we were going to deprecate that stuff in
>>>> favor of the  Steve Waring's http client package.
>>>>
>>>> Right Ken?
>>>>
>>>> -Todd Blanchard
>>>>
>>>> On Sep 13, 2006, at 11:21 PM, stephane ducasse wrote:
>>>>
>>>>> So why a group of guy start to fix it!
>>>>> Let's try to step by step little peeble by little peeble
>>>>> improve...No giant step just a tiny and simple one
>>>>>
>>>>>>> Note that this is not doing you any good security-wise, because
>>>>>>> MC will
>>>>>>> send the basic-auth user:password anyway, and only if that  
>>>>>>> fails,
>>>>>>> digest
>>>>>>> is tried. HTTPSocket authentication needs to be completely
>>>>>>> reworked.
>>>>>>
>>>>>> Not only authentication, everything. The whole class is just  
>>>>>> awful.
>>>>>>
>>>>>> Philippe
>>>>>>
>>>>>
>>>>>
>>>>
>>>>
>>
>>

More information about the Io mailing list