It's been a long time since Netscape Navigator 4 would allow you to use the http://username:[EMAIL PROTECTED] form of a URI (which is legitimate, per http://www.ietf.org/rfc/rfc1738.txt, section 3.1) for http authentication with any web server. I miss it a lot, I used it for the username on my own bookmarks!
But this form has never been supported by IE and Mozilla, to my recollection (I think only ftp://[EMAIL PROTECTED] is supported). It needs to be implemented by the browser/client software to parse the URL properly. The best answer is to add functionality to your web application to recognize people through some other mechanism. Of course, there are tradeoffs for security when you use any of the following: cookie, certificate, session key, referring URL/IP, or a generic username/password to your area for everyone to easily remember. --Mark Mark Lavi, Enterprise Web Management Team @ SGI mailto:[EMAIL PROTECTED] || phone:+1-650-933-7707 -----Original Message----- From: news [mailto:[EMAIL PROTECTED] On Behalf Of Bo Berglund Sent: Monday, January 08, 2007 3:34 PM To: users@httpd.apache.org Subject: [EMAIL PROTECTED] Re: How to compose an URL so that login is done??? On Tue, 9 Jan 2007 00:11:13 +0200, "Octavian Rasnita" <[EMAIL PROTECTED]> wrote: >Yes I think you can do this using something like: > >http://username:[EMAIL PROTECTED]/page.html > >But this method is not very secure, since anyone can take a look in the html >code of the help file, and the username/password are also shown in the >address bar of the browser when the user opens it. > I tried that but unfortunately it just generated a "page cannot be displayed" error... "someting like" is not working, maybe there is another kind of variation on that??? I know it is not secure, but that was not my concern because these users have the software that really should entitle them to access the site... Bo Berglund --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] " from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] " from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
