You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@httpd.apache.org by Sergio A Lima Jr <se...@ig.com.br> on 2004/03/15 20:09:54 UTC

[users@httpd] options of the mod_auth

Hello. 
    I want to log users in the .htaccess file only redirecting the url
with the password and user, like:
        http://user:pass@www.site.com/restrict/
    This function correctly with many browsers but with the Internet
Explorer I've got an "Invalid syntax error". 
  What have to do ? if I want to pass the user and password by POST with
a php script , how can I do that ?

Thanks

-- 
Sergio A Lima Jr <se...@ig.com.br>


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] options of the mod_auth

Posted by Brian Dessent <br...@dessent.net>.

Sergio A Lima Jr wrote:

>     I want to log users in the .htaccess file only redirecting the url
> with the password and user, like:
>         http://user:pass@www.site.com/restrict/
>     This function correctly with many browsers but with the Internet
> Explorer I've got an "Invalid syntax error".
>   What have to do ? if I want to pass the user and password by POST with
> a php script , how can I do that ?

Microsoft removed this capability from IE because there was a bug in its
implementation that caused a security vulnerability.  You can re-enable
it by adding a key to the registry but you'd have to have every user do
that.

Brian

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] options of the mod_auth

Posted by Joshua Slive <jo...@slive.ca>.

On Mon, 15 Mar 2004, Sergio A Lima Jr wrote:

> Hello.
>     I want to log users in the .htaccess file only redirecting the url
> with the password and user, like:
>         http://user:pass@www.site.com/restrict/
>     This function correctly with many browsers but with the Internet
> Explorer I've got an "Invalid syntax error".
>   What have to do ? if I want to pass the user and password by POST with
> a php script , how can I do that ?

You can't do that.  It was never really supported by the HTTP spec, and
is being removed from many browsers because it is used by spammers and
worms to disguise sites.

Basic auth works ONLY using the browser-based password popup.  If you want
any other kind of control, you need to role your own authorization using
cookies or similar session-management techniques.  Since you are using
php, you should be able to easily impliment the session management using
php features.

Joshua.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org