[Rets-dev] Extending RETS Authentication Choices
dbt
retsdev at develest.com
Mon Apr 16 16:44:52 CDT 2007
On Mon, Apr 16, 2007 at 04:51:09PM -0400, Jeff Brush wrote:
> What about this--
>
> Let the username/pin be used as a regular digest username/password auth and
> because the OTP can be plaintext anyway just send it as a query string
> parameter with the login request as in:
>
> http://myrets.server.com/login?OTP=xyz
Oh please god no.
Either do auth in the headers or do it with a form post but don't
splatter it across both.
More information about the Rets-dev
mailing list