View Single Post
Old 12-23-2012, 05:37 AM   #304
Philantrop
Addict
Philantrop has much to be proud ofPhilantrop has much to be proud ofPhilantrop has much to be proud ofPhilantrop has much to be proud ofPhilantrop has much to be proud ofPhilantrop has much to be proud ofPhilantrop has much to be proud ofPhilantrop has much to be proud ofPhilantrop has much to be proud ofPhilantrop has much to be proud ofPhilantrop has much to be proud of
 
Philantrop's Avatar
 
Posts: 217
Karma: 27599
Join Date: Dec 2008
Device: iOS devices
Kris, well, Calibre server might do that by default but it only supports http out-of-the-box either. For https support, Kovid Goyal, its author, recommends integrating Calibre server into other servers: http://manual.calibre-ebook.com/server.html

I did that using WSGI (the reverse proxy idea will cause http/https mixtures and, thus, cause at least warnings on practically all platforms and errors on iOS >= 5.0).

Since basic authentication is just fine when used over a secure SSL connection, I'm using that and I think a lot of people do, too.

The OPDS spec says the following:

Quote:
13. Securing OPDS Catalogs
OPDS Catalogs are delivered over HTTP. Authentication requirements for HTTP are covered in Section 11 of [RFC2616].

The type of authentication required for any OPDS Catalog is a decision to be made by the OPDS Catalog provider. OPDS Catalog clients are likely to face authentication schemes that vary across OPDS Catalogs. At a minimum, client and server implementations MUST be capable of being configured to use HTTP Basic Authentication [RFC2617] in conjunction with a connection made with TLS 1.0 [RFC2246] or a subsequent standards-track version of TLS supporting the conventions for using HTTP over TLS described in [RFC2818]. It is RECOMMENDED that OPDS Catalog clients be implemented in such a way that new authentication schemes can be deployed.

Because this protocol uses HTTP response status codes as the primary means of reporting the result of a request, OPDS Catalog providers are advised to respond to unauthorized or unauthenticated requests using an appropriate 4xx HTTP response code (e.g., 401 "Unauthorized" or 403 "Forbidden") in accordance with [RFC2617].
(Source: http://opds-spec.org/specs/opds-catalog-1-0-20100830/)

This is important in so far as Calibre isn't the only OPDS implementation. If you want to support it fully, you really should support basic authentication as well.

Personally, I absolutely need OPDS with basic authentication support because there's really no other option for me. All the font, themes, etc. details are secondary to me because some things might not be perfect yet but this is absolutely vital.

Please, please, please - support it. :)
Philantrop is offline