473,396 Members | 1,846 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

home > topics > php > questions > basic authentication and kb832894

Join Bytes to post your question to a community of 473,396 software developers and data experts.

Basic authentication and KB832894

Hi,

After applying "Cumulative Security Update for Internet Explorer
(832894)":

http://www.microsoft.com/technet/tre...n/ms04-004.asp

i am no longer able to authenticate users using this type of url:

https://un:pa**@www.blahblah.xyz

Reason for specifying un and pass in url is to stop transmitting
basic authentication in clear text but through https.
Code looks like:

<?
if ($HTTP_SERVER_VARS['HTTPS'] != 'on'){die("You must use HTTPS!");}

$un = $HTTP_POST_VARS['un'];
$pass = $HTTP_POST_VARS['pass'];
print ( "<META HTTP-EQUIV=\"Refresh\" CONTENT=\"0; URL=https://" .$un.
":" .$pass. "@www.blahblah.xyz/~" .$un. "/page.php\">");
?>

How can I do this in a different way?

Thanks in advance.
Tito
Jul 17 '05 #1
3 1838
tito wrote:
Hi,

After applying "Cumulative Security Update for Internet Explorer
(832894)":

http://www.microsoft.com/technet/tre...n/ms04-004.asp

i am no longer able to authenticate users using this type of url:

https://un:pa**@www.blahblah.xyz

Reason for specifying un and pass in url is to stop transmitting
basic authentication in clear text but through https.
Code looks like:

<?
if ($HTTP_SERVER_VARS['HTTPS'] != 'on'){die("You must use HTTPS!");}

$un = $HTTP_POST_VARS['un'];
$pass = $HTTP_POST_VARS['pass'];
print ( "<META HTTP-EQUIV=\"Refresh\" CONTENT=\"0; URL=https://" .$un.
":" .$pass. "@www.blahblah.xyz/~" .$un. "/page.php\">");
?>

How can I do this in a different way?

Thanks in advance.
Tito


Errr, I'm no expert on https but I was under the impression that
everything that goes to the web server using the https protocol is
encrypted, it's not just for the username and password.

~Cameron
Jul 17 '05 #2
On 2004-02-03 04:02:47 -0800, Cameron <fo*@bar.invalid> said:

You are correct. If SSL is being used for the connection then the
username/password is not transmitted in the clear, even with the prompt.
Entering your URL in that manner will only tell IE to use that info instead
of prompting for it.

--
AJ Zmudosky
There are no stupid questions, but there are a LOT of inquisitive idiots.
Jul 17 '05 #3
That's true.
But if client request page through HTTP he is prompted for un and pass
and it
goes in clear text. I am not in situation to change apache
configuration file to rewrite HTTP to HTTPS.
Jul 17 '05 #4
New Post

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

7
HTTP - basic authentication example.
by: Michael Foord | last post by:
#!/usr/bin/python -u # 15-09-04 # v1.0.0 # auth_example.py # A simple script manually demonstrating basic authentication. # Copyright Michael Foord # Free to use, modify and relicense. #...
Python
4
Redirect when using Windows (Basic) Authentication?
by: Dave | last post by:
Hi, Is there anyway to mimic forms authentication's loginUrl and RedirectFromLoginPage functionality using Windows authentication? We are developing intranet sites using basic authentication...
ASP.NET
3
problems with windows basic authentication
by: sefe dery | last post by:
hi ng, i try to create a asp.net 1.0 website on windows server 2003(Servername: ServerX) with iis 6.0. PROBLEM: The user should login with his windows credentials in basic.aspx and...
ASP.NET
0
ASP.NET Basic Authentication programmatically.
by: =?Utf-8?B?S29uc3RhbnRpbg==?= | last post by:
I am currently working on the application that need to simulate basic authentication programmatically using user's credentials that are known. Basically, the need is for a single sign on with a...
C# / C Sharp
0
How to turn on java script in a villaon keypad mobile phone
by: Charles Arthur | last post by:
How do i turn on java script on a villaon, callus and itel keypad mobile phone
Java
0
Migrating Website to Cloud - Emmanuel Katto
by: emmanuelkatto | last post by:
Hi All, I am Emmanuel katto from Uganda. I want to ask what challenges you've faced while migrating a website to cloud. Please let me know. Thanks! Emmanuel
General
1
Is that possible of reading the .csv file in column wise and the column have different lengths ?
by: Sonnysonu | last post by:
This is the data of csv file 1 2 3 1 2 3 1 2 3 1 2 3 2 3 2 3 3 the lengths should be different i have to store the data by column-wise with in the specific length. suppose the i have to...
C / C++
0
How to build RAID in BIOS?
by: Hystou | last post by:
There are some requirements for setting up RAID: 1. The motherboard and BIOS support RAID configuration. 2. The motherboard has 2 or more available SATA protocol SSD/HDD slots (including MSATA, M.2...
Computer Hardware
0
marktang
What is ONU?
by: marktang | last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However,...
General
0
Oralloy
Problem With Comparison Operator <=> in G++
by: Oralloy | last post by:
Hello folks, I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>". The problem is that using the GNU compilers,...
C / C++
0
jinu1996
Maximizing Business Potential: The Nexus of Website Design and Digital Marketing
by: jinu1996 | last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven...
Online Marketing
0
tracyyun
Discussion: How does Zigbee compare with other wireless protocols in smart home applications?
by: tracyyun | last post by:
Dear forum friends, With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each...
General
0
agi2029
AI Job Threat for Devs
by: agi2029 | last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing,...
Career Advice

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.

BYTES.COM © 2024
About Bytes
Terms Of Use
Privacy Policy
Sitemap
Advertise on Bytes:
Post a Job
Sponsored Posts
Platinum & Gold Sponsors
Hire Now!