True if Request contains the information to continue
according to Type. Type identifies the required
authentication technique:
- basic(+PasswordFile)
  Use HTTP Basic authentication and verify the password from PasswordFile.
  PasswordFile is a file holding usernames and passwords in a format
  compatible with Unix and Apache. Each line is a record with colon (:)
  separated fields. The first field is the username and the second the
  password hash. Password hashes are validated using crypt/2.

Successful authorization is cached for 60 seconds to avoid the overhead
of decoding and lookup of the user and password data.

http_authenticate/3 just validates the header. If authorization is not
provided, the browser must be challenged, in response to which it normally
opens a user-password dialogue. Example code realising this is below. The
exception causes the HTTP wrapper code to generate an HTTP 401 reply.

    (   http_authenticate(basic(passwd), Request, Fields)
    ->  true
    ;   throw(http_reply(authorise(basic, Realm)))
    ).

Fields is a list of fields from the password-file entry. The first
element is the user. The hash is skipped.

To be done:
- Should we also cache failures to reduce the risk of DoS attacks?
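
The behaviour described above (header validation, colon-separated records, a 60-second cache of successes only) modelled in Python, as an added example that is not SWI-Prolog's implementation. The names BasicAuth, stand_in_hash and basic_header, the cache key, and the PBKDF2 stand-in for crypt/2 are assumptions made so the example runs anywhere.

```python
import base64, hashlib, hmac, time

TTL = 60  # seconds a successful check stays cached, as stated in the text

def stand_in_hash(password, salt):
    # Assumption: PBKDF2 replaces crypt/2 here; record format "salt$hex".
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt.encode(), 10_000)
    return salt + "$" + dk.hex()

def basic_header(user, password):
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    return {"Authorization": "Basic " + token}

# Constructed sample password file: user:hash:extra-field
SAMPLE = "alice:" + stand_in_hash("s3cret", "c2FsdA") + ":Alice Example\n"

class BasicAuth:
    def __init__(self, passwd_text, clock=time.monotonic):
        self.records = {}      # user -> (hash, extra fields)
        for line in passwd_text.splitlines():
            if line.strip():
                user, pw_hash, *extra = line.split(":")
                self.records[user] = (pw_hash, extra)
        self.clock = clock
        self.cache = {}        # digest of header value -> (expiry, fields)
        self.hash_calls = 0    # number of expensive hash verifications

    def authenticate(self, headers):  # Fields-like list, or None (send 401)
        value = headers.get("Authorization", "")
        scheme, _, b64 = value.partition(" ")
        if scheme.lower() != "basic":
            return None
        key = hashlib.sha256(value.encode()).digest()
        hit = self.cache.get(key)
        if hit and hit[0] > self.clock():
            return hit[1]      # cached success: no decoding, no hashing
        try:
            decoded = base64.b64decode(b64, validate=True).decode("utf-8")
        except ValueError:
            return None
        user, sep, password = decoded.partition(":")  # password may hold ':'
        if not sep or user not in self.records:
            return None
        pw_hash, extra = self.records[user]
        self.hash_calls += 1
        candidate = stand_in_hash(password, pw_hash.split("$")[0])
        if not hmac.compare_digest(candidate.encode(), pw_hash.encode()):
            return None        # failures are not cached
        self.cache[key] = (self.clock() + TTL, [user, *extra])  # hash skipped
        return self.cache[key][1]
```

The hash_calls counter makes the open question measurable: repeated valid requests cost one verification per 60 seconds, while every repeated invalid password costs a full verification.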