[vlc-devel] [PATCH 1/8] Add library functions for HTTP client authentication
Rémi Denis-Courmont
rem at videolan.org
Sat Jan 10 16:49:12 CET 2009
Le samedi 10 janvier 2009 17:26:23 Antoine Cellerier, vous avez écrit :
> On Sat, Jan 10, 2009, Michael Hanselmann wrote:
> > Most of the code is taken from modules/access/http.c, although it
> > includes modifications to make it work as library functions and to
> > fix some issues. The HTTP access module can be converted at a
> > later point, but there's still some stuff needing cleanup first.
>
> I'd really like to have the HTTP access module converted to use this so
> that we don't have duplicate code. If it's not done now I doubt that it
> will ever get done. (On a side note, would it be possible to merge this
> with the server side http authentication code already present in the
> core?)
The server side HTTP code only supports plain, which is trivial. I am very
reluctant to cluttering it with digest support. If you don't want to leak
your VLC admin password in clear, use TLS.
In any case, I very much doubt the code could be merged, as HTTP
authentication is completely asymetric: client authenticates to server, and
_not_ vice-versa (another reason why TLS is better).
--
Rémi Denis-Courmont
http://git.remlab.net/cgi-bin/gitweb.cgi?p=vlc-courmisch.git;a=summary
More information about the vlc-devel
mailing list