True if Request contains the information to continue
according to Type. Type identifies the required
- Use HTTP
Basic authetication and verify the password from PasswordFile. PasswordFile
is a file holding usernames and passwords in a format compatible to Unix
and Apache. Each line is record with
: separated fields.
The first field is the username and the second the password hash.
Password hashes are validated using crypt/2.
Successful authorization is cached for 60 seconds to avoid overhead
of decoding and lookup of the user and password data.
just validates the header. If authorization is not provided the browser
must be challenged, in response to which it normally opens a
user-password dialogue. Example code realising this is below. The
exception causes the HTTP wrapper code to generate an HTTP 401 reply.
( http_authenticate(basic(passwd), Request, Fields)
; throw(http_reply(authorise(basic, Realm)))
|Fields ||is a list of fields from the
password-file entry. The first element is the user. The hash is skipped. |
- To be done
- Should we also cache failures to reduce the risc of DoS attacks?