[FX.php List] Proposed Auth Method Change to FX.php
Atsushi Matsuo
matsuo_atsushi at mac.com
Fri Jan 9 07:31:22 MST 2015
Hi,
'--anyauth' option of curl command uses the most secure one the remote site claims to support.
http://curl.haxx.se/docs/manpage.html#--anyauth
And FileMaker Web Publishing Engine seem not to support HTTP digest authentication.
The following request returns '401 Unauthorized' if specifying '--digest' instead of '--basic'.
$ curl -u USERNAME:PASSWORD --digest "http://127.0.0.1/fmi/xml/fmresultset.xml?-db=DBNAME&-lay=LAYOUTNAME&-findall&-max=1"
I think using CURLAUTH_BASIC instead of CURLAUTH_ANY is better.
--
Atsushi Matsuo
http://www.famlog.jp/
http://inter-mediator.org/
2015/01/09 3:02、Chris Hansen <chris at iViking.org> wrotes:
> This a question that likely only effects a few experts out there... There’s a pull request right now on github that would change FX.php to explicitly use Basic HTTP authentication. Presently the cURL option in there is CURLAUTH_ANY, which means that "cURL will poll the server to see what methods it supports and pick the best one [of four possibilites]." There are more details (under CURLAUTH_ANY) here:
>
> http://us1.php.net/manual/en/function.curl-setopt.php
>
> Is there anyone whose FileMaker web setup is using other than BASIC authentication?
More information about the FX.php_List
mailing list