Re: [hackers] [quark] Thoughts on CGI and authentication?

From: José Miguel Sánchez García <soy.jmi2k_AT_gmail.com>
Date: Thu, 22 Oct 2020 22:07:37 +0200

I had HTTP basic and digest auth in mind. They both can be implemented
pretty easily without adding external dependencies and with a
reasonable amount of code. Everything more advanced is straight out of
scope for quark.
Thanks for suggesting basic! I wasn't sure about it, as it's pretty
insecure nowadays. But I acknowledge that, for quark's use cases, it
is perfectly reasonable.

Best regards.
José Miguel


On Thu, Oct 22, 2020 at 9:42 PM Hiltjo Posthuma <hiltjo_AT_codemadness.org> wrote:
>
> On Thu, Oct 22, 2020 at 08:52:27PM +0200, José Miguel Sánchez García wrote:
> > Hello,
> >
> > I'm currently serving my static webpage with quark. I want to add some
> > CGI, but the opinion here about CGI support in the server is pretty
> > low. I'm trying to update the basecgi patch, but the latest changes
> > adding interruptibility seem to complicate the design (the goals of
> > these two are kinda opposite to what CGI does right? I mean, these are
> > about memory-bounded operation and CGI scripts can generate
> > arbitrarily long data, which must be known before even generating the
> > response header). I have no experience with HTTP whatsoever, so I want
> > to hear better-informed opinions ;)
> >
> > About authentication, I think it is a pretty useful feature. I'll
> > investigate how to implement it properly (abusing file system
> > ownership/permissions, through a table of auth realms in config.h,
> > command line parameters... Again, I'd like to hear more opinions) and
> > upload it as a patch. Is it interesting enough to include it upstream?
> >
> > Best regards.
> > José Miguel
> >
>
> Hi Miguel,
>
> I'd use HTTP Basic Auth. It's just a simple HTTP header.
>
> https://tools.ietf.org/html/rfc7617
>
> --
> Kind regards,
> Hiltjo
>
Received on Thu Oct 22 2020 - 22:07:37 CEST

This archive was generated by hypermail 2.3.0 : Thu Oct 22 2020 - 22:24:32 CEST