[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Bug-wget] [Bug-Wget] Handling of Multiple authorizations
From: |
Tim Ruehsen |
Subject: |
Re: [Bug-wget] [Bug-Wget] Handling of Multiple authorizations |
Date: |
Tue, 30 Jul 2013 15:21:20 +0200 |
User-agent: |
KMail/4.10.5 (Linux/3.10-1-amd64; KDE/4.10.5; x86_64; ; ) |
On Tuesday 30 July 2013 18:28:02 Darshit Shah wrote:
> According to RFC 2617, the server may either send multiple WWW-Authenticate
> Headers or a single WWW-Authenticate Header with multiple challenges. In
> such a case, it is advisable to select the most secure protocol known by
> the client for authentication.
>
> Wget, however uses only the first challenge it sees and begins sending the
> challenge response. This can be easily replicated through the
> Test-auth-both test in the new Test Environment I'm writing and is
> available at: https://www.github.com/darnir/wget-gsoc
>
> My question is, are we interested in fixing this or do we just let it be?
AFAIK, right now, this is a rare case. And if you stumble upon it in the real
world, the auth-schemes involved might or might not include the ones that Wget
supports (Basic|Digest).
But than, a preference for Digest would be nice and the HTTP header parser
should handle both cases (multiple WWW-Authenticate or one with multiple
challenges) correctly anyway.
So, I vote for 'Yes'.
Regards, Tim