[FX.php List] Proposed Auth Method Change to FX.php

Atsushi Matsuo matsuo_atsushi at mac.com
Fri Jan 9 07:31:22 MST 2015


Hi,

'--anyauth' option of curl command uses the most secure one the remote site claims to support.

http://curl.haxx.se/docs/manpage.html#--anyauth

And FileMaker Web Publishing Engine seem not to support HTTP digest authentication.
The following request returns '401 Unauthorized' if specifying '--digest' instead of '--basic'.

$ curl -u USERNAME:PASSWORD --digest "http://127.0.0.1/fmi/xml/fmresultset.xml?-db=DBNAME&-lay=LAYOUTNAME&-findall&-max=1"

I think using CURLAUTH_BASIC instead of CURLAUTH_ANY is better.

-- 
Atsushi Matsuo
http://www.famlog.jp/
http://inter-mediator.org/


2015/01/09 3:02、Chris Hansen <chris at iViking.org> wrotes:
> This a question that likely only effects a few experts out there...  There’s a pull request right now on github that would change FX.php to explicitly use Basic HTTP authentication.  Presently the cURL option in there is CURLAUTH_ANY, which means that "cURL will poll the server to see what methods it supports and pick the best one [of four possibilites]."  There are more details (under CURLAUTH_ANY) here:
> 
> http://us1.php.net/manual/en/function.curl-setopt.php
> 
> Is there anyone whose FileMaker web setup is using other than BASIC authentication?


More information about the FX.php_List mailing list