Christopher Schmidt wrote:
On Fri, Aug 31, 2007 at 11:05:23PM -0400, Ed McNierney wrote:
So we need to compromise to live in the real world. The "wrapper" script is
one way to do that. If I create a wrapper PHP script such that my WMS Resource URI
changes from:
http://my.server.com/mapserv?map=my.map&;
to:
http://my.server.com/mapserv.php?user=me&password=secret&;
then I'm really not doing anything different than what HTTP Basic
authentication is doing, except for putting a few of the bytes in different
places in the HTTP request. It is hard to see that using HTTP Basic
authentication is fundamentally the Right Way and the querystring parameters is
the Evil Way, since they are almost identical. Perhaps the wrapper approach
even has the benefit of reminding the user that their id and password are being
sent as clear text!
Actually, clear-text passwords in the URL string are certainly the
'wrong way' from the perspective of the web -- because they can be
cached by proxies. So, your credentials will now be stored in a proxy
somewhere, and if the logs of the server are web accessible (even in
limited form, as is often the case with web log analyzers) your password
and username are accessible that way, etc.
Now, whether the mechanism described here makes the situation more
possible to use in various clients is a different question entirely, but
it is clear that there are a number of reasons why embedding the
username and password in a GET request string is bad for users.
Passing something along in clear text is different from putting it in
the URL string, because the URL string is, by the nature of the way the
web works, designed to be public + sharable, which is something silghtly
different.
Regards,
Good points.
Ed, I appreciate the need to be pragmatic. At the same time, we need to
start pushing back against crappy client software, and start advocating
for and implementing with best practices or the situation is just going
to get worse. (The cynic in me feels that service providers like
proprietary auth for its potential to lock-in customers. Free services
are interchangeable, for-fee services less so.)
I've got some great ideas for making per-layer CGI auth issues go away
(or at least move them to a more appropriate layer of your system). Look
me up at FOSS4G and fill my beer glass if you want to hear them ;)
Cheers,
Sean
