[Seaside] WABasicAuthentication

Brian Brown rbb at techgame.net
Fri Mar 25 19:16:32 CET 2005

On Mar 25, 2005, at 10:10 AM, Avi Bryant wrote:

> On Fri, 25 Mar 2005 12:06:29 -0500, Daniel Salama <dsalama at user.net> 
> wrote:
>> Now, what I'd like to be able to do is, instead of using the standard
>> WABasicAuthentication that opens up a browser login window, I'd like 
>> to
>> be able to redirect the user to a login form. WABasicAuthentication
>> sends information in clear text to the server and my login form is
>> running with SSL.
> Maybe there's something I'm missing, but: if the connection to the
> server is over SSL, why would the login form use that but not the
> basic auth?  They're both just sending plaintext over HTTP.  Are
> headers not encrypted with HTTPS?

You are not missing anything :-) If the connection between the browser 
and the server is over https, then so is the basic auth. That has been 
the standard techique for years to utilize basic auth in a secure 
manner, since it sends that username/password for every connection.


> Avi
> _______________________________________________
> Seaside mailing list
> Seaside at lists.squeakfoundation.org
> http://lists.squeakfoundation.org/listinfo/seaside

More information about the Seaside mailing list