[thelist] send HTTP authentication from PHP page?
Chris Hayes
chris at lwcdial.net
Wed Oct 6 17:43:28 CDT 2004
Not sure what you mean? How does this work?
AFAIK it works on a browser session, and that means the browser that's
targeted needs to be the session browser or child of the browser, or else
you will need a new session and log in again.
----- Original Message -----
From: "noah" <noah at tookish.net>
To: <thelist at lists.evolt.org>
Sent: Wednesday, October 06, 2004 9:18 PM
Subject: Re: [thelist] send HTTP authentication from PHP page?
> Theodore Serbinski wrote (06/10/2004 3:24 PM):
>
> > When users are logged into our intranet, I want them to be able to goto
> > our webmail address and be logged in automatically. Right now, when you
> > click on our webmail link, MS Exchange asks for the username/password
> > combo. I wanted to make this connection seamless in PHP which would Erm,
you have a secure area,
> > already take their logged in username/password and send this to MS
> > Exchange so they could see their mail without logging in again.
> >
> > Looks like this won't work though, unless of course I'm implementing it
> > wrong. Thanks!
>
> It's frustrating that Microsoft, rather than fixing the security problem
> that made this sort of URL potentially dangerous, just disabled it
> altogether. It's something that I've run into a number of times.
>
> For example, if you have a password protected area of your site accessed
> via session-based authentication, there is no way of transparently
> linking to password-protected PDFs. You either have to put the PDFs in
> an unprotected directory, or you have to make the user re-enter his or
> her username and password. The latter appraoch is even more of a hassle
> when you consider that if you're dynamically adding and managing users
> you have to manage their username/password info in the authentication
> file as well as in the database.
>
> Cheers,
> --
> Noah St.Amand
> tookish digital communication
>
> phone: 613.549.5394
> mobile: 416.452.7840
> sms: sms at tookish.net
> email: noah at tookish.net
> web: http://www.tookish.net/
> --
>
> * * Please support the community that supports you. * *
> http://evolt.org/help_support_evolt/
>
> For unsubscribe and other options, including the Tip Harvester
> and archives of thelist go to: http://lists.evolt.org
> Workers of the Web, evolt !
More information about the thelist
mailing list