You are viewing a plain text version of this content. The canonical link for it is here.

Posted to bugs@httpd.apache.org by bu...@apache.org on 2002/09/19 16:41:22 UTC

DO NOT REPLY [Bug 12814] - login through URL

DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://nagoya.apache.org/bugzilla/show_bug.cgi?id=12814>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=12814

login through URL

slive@apache.org changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|                            |INVALID



------- Additional Comments From slive@apache.org  2002-09-19 14:41 -------
Apache never sees stuff before the @ in the URL.  Rather, the browser
takes this stuff, BASE64 encodes it, and sends it in the Authorization
HTTP request header.

Therefore, the problem you are having is entirely with the browser,
not the server.  The server is only responsible for removing the BASE64
encoding, not for URL-decoding or any such thing.  See RFC2617.

In general, I wouldn't expect sending the userid/password in the URL
to be a very reliable technique across browsers.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org