[Rets-dev] Extending RETS Authentication Choices
dbt
retsdev at develest.com
Tue Apr 17 09:09:20 CDT 2007
On Mon, Apr 16, 2007 at 06:15:44PM -0400, Jeff Brush wrote:
> dbt,
>
> Normally I'd agree with you.
>
> But in this case,
> - inventing a new HTTP auth standard for OTP breaks, or at least requires extensions of, existing http libs. This leads to incompatibilities as different people each implement their 'own' solution.
> - OTP is done once for the entire session. HTTP Auth is, or should be, done for every request. So they are different beasts. If you'd rather, it can be done as a new HTTP header - just a little less flexible.
> Jeff
sure. i'd be fine with creating an auth profile where you just POST
to the login page, get back your list of URLs, and then keep that
cookie around for the rest of the session. I'm just saying, if you
can't do it in headers with the current state of http libraries,
then don't make it a protocol mess because it happens to work with
the tools currently available.
"Make no little plans; they have no magic to stir men's blood."*
- Daniel Burnam.
-dbt
* please note this quote makes more sense in this context if you
substitute my mis-remembered version, "make no half-measures..."
More information about the Rets-dev
mailing list