[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [lwip-users] httpd and authentication
From: |
goldsimon |
Subject: |
Re: [lwip-users] httpd and authentication |
Date: |
Sat, 11 Nov 2017 09:07:28 +0100 |
User-agent: |
K-9 Mail for Android |
Giuseppe Modugno wrote:
>I'd like to protect some or all web pages and show them only to
>authorized
>people. I understood there are two methods: basic and digest.
I guess both are outdated. Modern web pages use a custom input field which is
sent to the server via POST. You'll need TLS obviously if you want the data to
be protected. The server then opens a session by sending the client a session
cookie which is then included in all further requests from the client.
Sadly, this is not implemented in lwip httpsd yet. The server code supports
POST but not sending/parsing cookies (although that part should be easy to
add). An overall example and session handling is missing though.
Simon