Re: PUT authoring

["Roy T. Fielding" <fi...@liege.ICS.UCI.EDU>]

> Just a thought... is there a way to use "skey" to make authoring
> secure? If apache could send back a challenge, the user can (outside
> of the browser) generate the correct one-time-password and send that along
> with the PUT. No unique one-time-password and the PUT is rejected... much
> simpler than anything I've seen discussed so far.

You can do it using Basic auth if you change the server's AA module
to process the skey instead of a crypt passwd (I suppose a smart
implementation might use an impossible, special password in the DB
as an indication that skey should be used, but I'm not sure about that).
I don't know enough about skey to tell whether or not it would be
any good in terms of security (or even if it would work, really),
but Peter Churchyard keeps rambling about it being possible.

.....Roy