Re: [PHP] Thank you, Microsoft! Now I need an alternate loginmethod

Chris de Vidal wrote: Marek Kilimajer said: I searched this group and someone suggested disabling Apache's keepalives but I don't have root on this box so that option is out. Try to send "Connection: close" header, then the connection will be terminated by the client. I don't understand... would

Re: [PHP] Thank you, Microsoft! Now I need an alternate loginmethod

Marek Kilimajer said: >> I searched this group and someone suggested disabling Apache's >> keepalives but I don't have root on this box so that option is out. > > Try to send "Connection: close" header, then the connection will be > terminated by the client. I don't understand... would I place tha

Re: [PHP] Thank you, Microsoft! Now I need an alternate loginmethod

Well, there is a MD5 javascript app, if you put a onclick method on your submit button, to call the javascript, and md5 the password, you could use a GET request to pass the username and md5'd password into your login script. I'm not sure if there is an equivalent SHA javascript, but if there is,

Re: [PHP] Thank you, Microsoft! Now I need an alternate loginmethod

Chris de Vidal wrote: I searched this group and someone suggested disabling Apache's keepalives but I don't have root on this box so that option is out. Try to send "Connection: close" header, then the connection will be terminated by the client. -- PHP General Mailing List (http://www.php.net/)

RE: [PHP] Thank you, Microsoft! Now I need an alternate loginmethod

I'm about 90% sure that URL strings are passed in the clear to SSL servers, so this would defeat the purpose of SSL. I don't think this is true. You can see the query string in the address bar, but (with what little http knowledge I have) the http conversation is encrypted, if you sniff it, the

RE: [PHP] Thank you, Microsoft! Now I need an alternate loginmethod

Chris de Vidal on Thursday, March 18, 2004 12:49 PM said: > I'm about 90% sure that URL strings are passed in the clear to SSL > servers, so this would defeat the purpose of SSL. hmm.. good point. that never occured to me. chris. p.s. gosh my emails are taking f

RE: [PHP] Thank you, Microsoft! Now I need an alternate loginmethod

Chris W. Parker said: > maybe this is too simple an answer but how about using GET instead? I'm about 90% sure that URL strings are passed in the clear to SSL servers, so this would defeat the purpose of SSL. I've found that some people have solved this problem by upgrading the server to a newer

RE: [PHP] Thank you, Microsoft! Now I need an alternate loginmethod

Adam Voigt on Thursday, March 18, 2004 11:21 AM said: > If I ran XP I might be able to do that. From reading the security > release my MS, it sounds like some times the POST request gets b0rked, > if this is the case, I'm not sure there's much that can be done about

Re: [PHP] Thank you, Microsoft! Now I need an alternate loginmethod

Adam Voigt said: > If I ran XP I might be able to do that. From reading the security > release my MS, it sounds like some times the POST request gets b0rked, Yep. > if this is the case, I'm not sure there's much that can be done about > it. ...except find an alternate login method, which is my q

Re: [PHP] Thank you, Microsoft! Now I need an alternate loginmethod

> Have another look at the code. Try it on your server if you'd like. You > can replicate the problem with an XP box that's recently (this month) been > automatically updated. If I ran XP I might be able to do that. From reading the security release my MS, it sounds like some times the POST requ

Re: [PHP] Thank you, Microsoft! Now I need an alternate loginmethod

Adam Voigt said: > What exactly is breaking? If it's the header to redirect, you could just > issue a meta refresh, or a javascript one. The only time redirects are sent is when there is a failure. Otherwise it's a simple post operation to a PHP file with an include. Have another look at the cod