On Thu, Aug 11, 2005 at 10:30:35PM -0400, Chris Devers wrote:

> > If a directory is password protected with .htaccess
...
> > or do you always get the popup box?

I'm guessing you are talking about Basic Authentication here. A
.htaccess file can contain pretty much any Apache directive, so it
could be configured to use a Perl script for authentication (which
would be more on topic for this list).

> You may, however, be able to use this syntax:
> http://Moe:[EMAIL PROTECTED]/members/index.html
> Whether this will work depends on the server configuration.

No, it depends on the browser. There is no difference between that
syntax and typing into a dialog box as far as the server is concerned,
it's just different ways for the browser to gather the information from
the user.

The credentials in URL syntax hasn't got as much support as it used to
have though; it was too often used in phishing schemes.

> But note that embedding this in the URL is usually considered a bad 
> habit, unless you have no problem with this information being sent 
> across the internet in the clear for anyone to see.

It is only in the clear if you don't use HTTPS - and if you don't use
HTTPS then any password you send is going to be clear. The difference
here is that it is visible in the URL - and so exposed to the
look-over-the-user's-shoulder-in-the-real-world attack.

-- 
David Dorward                                      http://dorward.me.uk
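
An added example, not part of the original message: a Perl sketch showing that credentials taken from the URL and credentials typed into the dialog both reach the server as the same `Authorization: Basic` header, and that the header is only base64-encoded, so it is readable on plain HTTP. The password, host name and sub names are constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use MIME::Base64 qw(encode_base64 decode_base64);

# Constructed sample values (not from the original message).
my $url_with_creds =
    'http://Moe:example-password@www.example.com/members/index.html';

# Header a client builds from credentials typed into the dialog box.
sub basic_header {
    my ($user, $pass) = @_;
    return 'Authorization: Basic ' . encode_base64("$user:$pass", '');
}

# What a client does with credentials in the URL: strip the userinfo,
# percent-decode it, and send it as the same Authorization header.
sub request_from_url {
    my ($url) = @_;
    my ($scheme, $userinfo, $host, $path) =
        $url =~ m{^(https?)://(?:([^@/]*)@)?([^/]+)(/.*)?$}
        or die "unparseable URL: $url\n";
    $path = '/' unless defined $path;
    my @headers = ("Host: $host");
    if (defined $userinfo) {
        my ($user, $pass) = split /:/, $userinfo, 2;
        $pass = '' unless defined $pass;
        s/%([0-9A-Fa-f]{2})/chr hex $1/ge for $user, $pass;
        push @headers, basic_header($user, $pass);
    }
    return join("\r\n", "GET $path HTTP/1.1", @headers, '', '');
}

# What the server, or anyone reading plain HTTP traffic, recovers.
sub credentials_from_request {
    my ($request) = @_;
    my ($b64) = $request =~ /^Authorization:\s*Basic\s+(\S+)/mi or return;
    return split /:/, decode_base64($b64), 2;
}

my $from_url    = request_from_url($url_with_creds);
my $from_dialog = join("\r\n", 'GET /members/index.html HTTP/1.1',
    'Host: www.example.com', basic_header('Moe', 'example-password'), '', '');

print $from_url;
print "identical requests: ", ($from_url eq $from_dialog ? 'yes' : 'no'), "\n";
my ($user, $pass) = credentials_from_request($from_url);
print "recovered without any key: $user / $pass\n";
```

The request line carries only the path, so the server never sees the userinfo part of the URL; only the transport (HTTP versus HTTPS) decides whether the header is exposed on the wire.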

