[thelist] username:password in URLs
David Siedband
david at calteg.org
Wed Feb 4 17:41:50 CST 2004
Noah,
You could authenticate once and generate a short-lived unique ID at the
end of the URL specific to that login.
or just add the name and password at the end of the URL
http://www.domain.com/somePage.php?uname=sarah&password=s00pers3cr37
--
David
On Feb 4, 2004, at 2:44 PM, noah wrote:
> I hope this isn't something that's already been discussed -- I've
> fallen behind a little on my reading (only 2482 messages behind). I
> searched for it but didn't find anything. If it has been discussed,
> please forgive me and point me to the subject. Thanks.
>
> In case it hasn't been discussed, and in case anyone doesn't know
> already, the latest IE/Windows update has disabled URLs in the format:
>
> <http://username:password@domain.com/>
>
> I've tested it, and sure enough, they don't work. I get an "Invalid
> Syntax Error," and the standard IE "This page can not be displayed"
> page (even though I have a custom error page defined, but I'm not
> worrying about annoying little things like that yet).
>
> My problem is that I have a small PHP application that requires that
> the username and password be sent through the URL in order to work.
> Most of the app is protected with session-based authentication, but
> for certain pages, I can't include session-calling code at the top, so
> I put them in an .htaccess/.htpasswd protected directory, and pass the
> username and password through the URL.
>
> I realise that this is not particularly secure. These aren't state
> secrets I'm protecting, though, so I'm not worried about that.
>
> So my question is, is there another way to send the username/password
> transparently through PHP? I can see that the variables exist in the
> fetched page as:
>
> _SERVER["PHP_AUTH_USER"] and _SERVER["PHP_AUTH_PW"]
>
> but I can't figure out how to send the values to the page I'm
> requesting. I've found plenty of scripts to add users, add groups,
> etc., but nothing to just retrieve a protected page without having to
> type the username/password.
>
> Any advice greatly appreciated.
>
> Cheers,
> Noah
> --
> * * Please support the community that supports you. * *
> http://evolt.org/help_support_evolt/
>
> For unsubscribe and other options, including the Tip Harvester and
> archives of thelist go to: http://lists.evolt.org Workers of the Web,
> evolt !
More information about the thelist
mailing list