[Rets-dev] Extending RETS Authentication Choices
Jeff Brush
jeffbrush at hotmail.com
Mon Apr 16 17:15:44 CDT 2007
dbt,
Normally I'd agree with you.
But in this case,
- inventing a new HTTP auth standard for OTP breaks, or at least requires extensions of, existing http libs. This leads to incompatibilities as different people each implement their 'own' solution.
- OTP is done once for the entire session. HTTP Auth is, or should be, done for every request. So they are different beasts. If you'd rather, it can be done as a new HTTP header - just a little less flexible.
Jeff
> Date: Mon, 16 Apr 2007 16:44:52 -0500> From: retsdev at develest.com> To: rets-dev at rets.org> Subject: Re: [Rets-dev] Extending RETS Authentication Choices> > On Mon, Apr 16, 2007 at 04:51:09PM -0400, Jeff Brush wrote:> > What about this--> > > > Let the username/pin be used as a regular digest username/password auth and> > because the OTP can be plaintext anyway just send it as a query string> > parameter with the login request as in:> > > > http://myrets.server.com/login?OTP=xyz> > Oh please god no. > > Either do auth in the headers or do it with a form post but don't > splatter it across both.> > _______________________________________________> Rets-dev mailing list> Rets-dev at rets.org> http://lists.rets.org/mailman/listinfo/rets-dev
_________________________________________________________________
With Windows Live Hotmail you can now see trouble….before he arrives. Check it out for yourself.
http://www.Newlivehotmail.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.rets.org/pipermail/rets-dev/attachments/20070416/1faf77aa/attachment.html
More information about the Rets-dev
mailing list