lwip-devel
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[lwip-devel] [patch #9576] Adding authorization cookie management

From: Giuseppe Modugno
Subject: [lwip-devel] [patch #9576] Adding authorization cookie management
Date: Tue, 13 Mar 2018 07:03:54 -0400 (EDT)
User-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.186 Safari/537.36 
Follow-up Comment #12, patch #9576 (project lwip):

Mike, I'm trying to add an authorization layer as per your idea.

You suggested to send username/password in the query string, maybe encrypted
with an algorithm that produce a different encrypted text.

Suppose the HTTP request is "GET /protected.html" without a query string. You
should redirect the browser to "/login.html" or you should answer with
"/login.html" file content (I suppose login.html is the page with the login
form).

The current httpd server calls fs_open(file, "/protected.html") function that
returns ERR_OK.
It appears to me that httpd_cgi_handler() is not called, because the query
string is absent.

How do you avoid replying with the original content of protected.html without
a valid authentication value?

    _______________________________________________________

Reply to this item at:

  <http://savannah.nongnu.org/patch/?9576>

_______________________________________________
  Message sent via/by Savannah
  http://savannah.nongnu.org/
reply via email to
[Prev in Thread] Current Thread [Next in Thread]