Re: [lwip-users] httpd and authentication

lwip-users

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [lwip-users] httpd and authentication

From:	goldsimon
Subject:	Re: [lwip-users] httpd and authentication
Date:	Sat, 11 Nov 2017 09:07:28 +0100
User-agent:	K-9 Mail for Android

Giuseppe Modugno wrote:
>I'd like to protect some or all web pages and show them only to
>authorized
>people. I understood there are two methods: basic and digest.

I guess both are outdated. Modern web pages use a custom input field which is 
sent to the server via POST. You'll need TLS obviously if you want the data to 
be protected. The server then opens a session by sending the client a session 
cookie which is then included in all further requests from the client.

Sadly, this is not implemented in lwip httpsd yet. The server code supports 
POST but not sending/parsing cookies (although that part should be easy to 
add). An overall example and session handling is missing though.

Simon

[Prev in Thread]

Current Thread

[Next in Thread]

[lwip-users] httpd and authentication, Giuseppe Modugno, 2017/11/11
- Re: [lwip-users] httpd and authentication, goldsimon <=
  - Re: [lwip-users] httpd and authentication, Giuseppe Modugno, 2017/11/13

Prev by Date: [lwip-users] httpd and authentication
Next by Date: Re: [lwip-users] httpd and authentication
Previous by thread: [lwip-users] httpd and authentication
Next by thread: Re: [lwip-users] httpd and authentication
Index(es):
- Date
- Thread