[BUG][ENH] Add userid and password to HTTP firewall authentication (conflict with Monticello?)

David Faught dave_faught at yahoo.com
Fri Dec 12 14:21:32 UTC 2003


Rob Withers wrote:
>I use your changeset for userid/passwd for authenticated proxy
>servers.  It works great!

Have you looked at http://minnow.cc.gatech.edu/squeak/954 or
http://minnow.cc.gatech.edu/squeak/3103 ?  You could help this
changeset become part of the update stream!  I haven't had much
feedback on other people using this.  And once more, just for the
record, I didn't write this, but I guess somehow I are the maintainer?

>  I just wanted to point out that there is a
>conflict with Monticello.  Monticello also has several methods
>defined in HTTPSocket class, that look like they support
>userid/passwd.  They are:
>
>HTTPSocket class>>#httpGet: url user: user passwd: passwd
>HTTPSocket class>>#httpGetDocument: url args: args accept: mimeType
> request: requestString
>
>The second method conflicts with your changeset.  The method
>#httpGet:user:passwd: is called from the MCHttpRepository class.  In
>digging a bit further, it looks like MCHttpRepository uses the
>string 'Authorization: Basic <userid:passwd>' for authenticating to
>password protected web servers.  Your changeset for password
>protected proxy servers uses the string 'Proxy-Authorization: Basic
><userid:passwd>'.  They don't seem to be interchangable from my quick
>tests.

I have not used Monticello, so this will take a bit more study, maybe
from someone that actually understands Monticello.  I'm kind of
wondering why Monticello needs to handle the 'Authorization: Basic'
case because this is handled automagically by Scamper.  Whoops!
Scamper isn't the base HTTPSocket code, is it?  I guess I haven't
found exactly where this gets handled yet.

In any case, yes these really are two different and unique
userid/password combinations for two different servers and they have
to be handled separately but in parallel, that is they both have to be
used at the same time.  I believe that they could both appear in the
same HTTP GET, as they do refer to different servers that are both
used for a single query.  I'm not sure that there is actually a
conflict here, but these two different userid/password combinations do
have to coexist, which they probably don't right now.

A bit more study is required!

__________________________________
Do you Yahoo!?
New Yahoo! Photos - easier uploading and sharing.
http://photos.yahoo.com/



More information about the Squeak-dev mailing list