[Web-SIG] Pre-PEP: Python Web Container Interface v1.0
Ng Pheng Siong
ngps at netmemetic.com
Sun Dec 7 22:36:40 EST 2003
On Mon, Dec 08, 2003 at 02:20:28PM +1100, Stuart Bishop wrote:
> Should environ['REMOTE_USER'] return '', None, or raise a KeyError if
> web server has performed no authentication on a request?
+1 for None.
Zope is able to use REMOTE_USER if the web server sets it, e.g.,
- ZServerSSL sets it to the client certificate's subject DN when available
and asked to.
- The RemoteUserFolder product was originally written to allow IIS to
do Windows authentication.
> accessing any variable defined at
> http://hoohoo.ncsa.uiuc.edu/cgi/env.html will never raise a KeyError.
For HTTPS there are a bunch of additional variables. I suppose most people
might consider mod_ssl's list canonical; I looked at it and copped out:
ZServerSSL exports only SSL_CIPHER for now.
Ng Pheng Siong <ngps at netmemetic.com>
http://firewall.rulemaker.net -+- All Your Rulebase Are Belong To You[tm]
http://sandbox.rulemaker.net/ngps -+- Open Source Python Crypto & SSL
More information about the Web-SIG