Apparently he liked my last email and requested that I post it to the list. So,
as we are both agreed to that, here it is:
--------- included message ----------------
From: SMTP%"sanders@bsdi.com" 11-NOV-1994 17:27:02.71
To: lilley@v5.cgu.mcc.ac.uk (Chris Lilley, Computer Graphics Unit)
CC:
Subj: Re: authentication cleanups
You should post this to the list...
Chris Lilley, Computer Graphics Unit writes:
> Fine. Make it explicit that, in the case of a partial URL being returned, the
> browser must canonicalise it using the server name (which the clinet does
> know) and that the realm refers to that full URL with host alias and port
> number.
>
> So the password is explicitly stated (with an example in the spec) not to be
> presented to:
>
> - another machine using the same partial URL
> - the same server name on a different port number
> - a different alias for the same machine on the same port number.
>
> Re the last one, it is entirely possible that a server could support more than
> one virtual server on the same port. I believe this was discussed on the list
> previously. If there are different aliases this is probably for a reason.
>
> Comments?
-- Chris