[thelist] username:password in URLs

David Siedband david at calteg.org
Wed Feb 4 17:41:50 CST 2004


You could authenticate once and generate a short-lived unique ID at the 
end of the URL specific to that login.

or just add the name and password at the end of the URL



On Feb 4, 2004, at 2:44 PM, noah wrote:

> I hope this isn't something that's already been discussed -- I've 
> fallen behind a little on my reading (only 2482 messages behind). I 
> searched for it but didn't find anything. If it has been discussed, 
> please forgive me and point me to the subject. Thanks.
> In case it hasn't been discussed, and in case anyone doesn't know 
> already, the latest IE/Windows update has disabled URLs in the format:
> <http://username:password@domain.com/>
> I've tested it, and sure enough, they don't work. I get an "Invalid 
> Syntax Error," and the standard IE "This page can not be displayed" 
> page (even though I have a custom error page defined, but I'm not 
> worrying about annoying little things like that yet).
> My problem is that I have a small PHP application that requires that 
> the username and password be sent through the URL in order to work. 
> Most of the app is protected with session-based authentication, but 
> for certain pages, I can't include session-calling code at the top, so 
> I put them in an .htaccess/.htpasswd protected directory, and pass the 
> username and password through the URL.
> I realise that this is not particularly secure. These aren't state 
> secrets I'm protecting, though, so I'm not worried about that.
> So my question is, is there another way to send the username/password 
> transparently through PHP? I can see that the variables exist in the 
> fetched page as:
> but I can't figure out how to send the values to the page I'm 
> requesting. I've found plenty of scripts to add users, add groups, 
> etc., but nothing to just retrieve a protected page without having to 
> type the username/password.
> Any advice greatly appreciated.
> Cheers,
> Noah
> -- 
> * * Please support the community that supports you.  * *
> http://evolt.org/help_support_evolt/
> For unsubscribe and other options, including the Tip Harvester and 
> archives of thelist go to: http://lists.evolt.org Workers of the Web, 
> evolt !

More information about the thelist mailing list