Re: [users@httpd] Re: How to compose an URL so that login is done???

Mon, 08 Jan 2007 23:28:37 -0800 

Well in that case you can simply use a link like

http://www.site.com/program_name/username/password

and put the program "program_name" to parse the URL, get the username and
password, search the user in the file with users or a database and checks if
the password is correct, and if it is, let the user see the page.
The program should use cookie-based sessions, so the subsequent pages won't
need to make the authentication again.

Of course, the user has the rights to see the page, but when that user sees
it, other users might be around and also see the username/password used.
I think a better idea would be to make a POST request somehow and not a GET
one, because in that case at least the username/password are not shown in
the address bar.

You can create a form that uses the POST method, with the hidden username
and password fields set by default, and use a Javascript function that sends
the form for making the login...
In that case, the username and password will be sent in CGI style like http://www.site.com/program_name?user=xxx&password=zzz. 

Octavian
----- Original Message ----- From: "Bo Berglund" <[EMAIL PROTECTED]> 
To: <users@httpd.apache.org>
Sent: Tuesday, January 09, 2007 1:33 AM
Subject: [EMAIL PROTECTED] Re: How to compose an URL so that login is done???



On Tue, 9 Jan 2007 00:11:13 +0200, "Octavian Rasnita"
<[EMAIL PROTECTED]> wrote:


Yes I think you can do this using something like:

http://username:[EMAIL PROTECTED]/page.html

But this method is not very secure, since anyone can take a look in the
html
code of the help file, and the username/password are also shown in the
address bar of the browser when the user opens it.



I tried that but unfortunately it just generated a "page cannot be
displayed" error...

"someting like" is not working, maybe there is another kind of
variation on that???
I know it is not secure, but that was not my concern because these
users have the software that really should entitle them to access the
site...


Bo Berglund


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
  "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]




---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
  "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to