I've protected a directory with an .htaccess file.
I'd like some of the files in this directory to be accessible by a scheduler
that runs an "URL". The problem is that the scheduler runs scripts in this
directory, so the server asks a username and password. How to avoid this ???
Should I set the .htaccess file to allow GET, but how ??? and what would be
the URL ???
directory tree:
admin
.htaccess
admin.htm //frame
adminmnu.htm //menu in frame
script1.php
script2.php
script3.php
I'd like to run the script from home with a scheduler like: http://www.mysite.com/admin/script2....password=pass;
username and password being the ones asked in the .htaccess file.
How to do so ?
Bob 13 2505
Bob Bedford <be******@YouKnowWhatToDoHerehotmail.com> wrote: I've protected a directory with an .htaccess file.
I'd like some of the files in this directory to be accessible by a scheduler that runs an "URL". The problem is that the scheduler runs scripts in this directory, so the server asks a username and password. How to avoid this ??? Should I set the .htaccess file to allow GET, but how ??? and what would be the URL ???
directory tree:
admin .htaccess admin.htm //frame adminmnu.htm //menu in frame script1.php script2.php script3.php
I'd like to run the script from home with a scheduler like: http://www.mysite.com/admin/script2....password=pass; username and password being the ones asked in the .htaccess file.
How to do so ?
Bob
Theoretically: http://htuser:ht****@www.mysite.com/...&password=pass
Might work - or not... depends on the browser.
--
Simon Stienen <http://dangerouscat.net> <http://slashlife.de>
»What you do in this world is a matter of no consequence,
The question is, what can you make people believe that you have done.«
-- Sherlock Holmes in "A Study in Scarlet" by Sir Arthur Conan Doyle
*** Bob Bedford wrote/escribió (Fri, 24 Sep 2004 17:32:51 +0200): I've protected a directory with an .htaccess file.
I'd like to run the script from home with a scheduler like: http://www.mysite.com/admin/script2....password=pass; username and password being the ones asked in the .htaccess file.
You can't pass auth data this way if you are using Apache mod_auth; the
data must go in the request headers. I can think of two options:
* Use another auth system to protect the site
* Change your scheduled script so it can provide HTTP auth data
I normally use the latter option but of course it depends on what your
script looks like.
--
-- Álvaro G. Vicario - Burgos, Spain
-- Thank you for not e-mailing me your questions
--
Bob Bedford <be******@YouKnowWhatToDoHerehotmail.com> wrote: Theoretically: http://htuser:ht****@www.mysite.com/...&password=pass Might work - or not... depends on the browser.
Already tried, seems not to work with IE6.... thanks anyway
Cheers
Yep. Exactly _there_ MS killed the support for this syntax "for security
reasons"...
--
Simon Stienen <http://dangerouscat.net> <http://slashlife.de>
»What you do in this world is a matter of no consequence,
The question is, what can you make people believe that you have done.«
-- Sherlock Holmes in "A Study in Scarlet" by Sir Arthur Conan Doyle
.oO(Simon Stienen) Bob Bedford <be******@YouKnowWhatToDoHerehotmail.com> wrote: Theoretically: http://htuser:ht****@www.mysite.com/...&password=pass Might work - or not... depends on the browser.
Already tried, seems not to work with IE6.... thanks anyway
Cheers
Yep. Exactly _there_ MS killed the support for this syntax "for security reasons"...
The explanation might be questionable, but after all the decision was
correct. Username and password are not allowed in HTTP URLs by RFC 1783:
| An HTTP URL takes the form:
|
| http://<host>:<port>/<path>?<searchpart>
|
| where <host> and <port> are as described in Section 3.1. If :<port>
| is omitted, the port defaults to 80. No user name or password is
| allowed. ^^^^^^^^^^^^^^^^^^^^^^^^^^^
| ^^^^^^^^
<http://www.freesoft.org/CIE/RFC/1738/14.htm>
It is allowed for other schemes like FTP.
Micha
.oO(Simon Stienen) Bob Bedford <be******@YouKnowWhatToDoHerehotmail.com> wrote: Theoretically: http://htuser:ht****@www.mysite.com/...&password=pass Might work - or not... depends on the browser.
Already tried, seems not to work with IE6.... thanks anyway
Cheers
Yep. Exactly _there_ MS killed the support for this syntax "for security reasons"...
The explanation might be questionable, but after all the decision was
correct. Username and password are not allowed in HTTP URLs by RFC 1738:
| An HTTP URL takes the form:
|
| http://<host>:<port>/<path>?<searchpart>
|
| where <host> and <port> are as described in Section 3.1. If :<port>
| is omitted, the port defaults to 80. No user name or password is
| allowed. ^^^^^^^^^^^^^^^^^^^^^^^^^^^
| ^^^^^^^^
<http://www.freesoft.org/CIE/RFC/1738/14.htm>
It is allowed for other schemes like FTP.
Micha
Michael Fesser <ne*****@gmx.net> wrote: .oO(Simon Stienen)
Bob Bedford <be******@YouKnowWhatToDoHerehotmail.com> wrote: Theoretically:
http://htuser:ht****@www.mysite.com/...&password=pass
Might work - or not... depends on the browser.
Already tried, seems not to work with IE6.... thanks anyway
Cheers
Yep. Exactly _there_ MS killed the support for this syntax "for security reasons"...
The explanation might be questionable, but after all the decision was correct. Username and password are not allowed in HTTP URLs by RFC 1738:
| An HTTP URL takes the form: | | http://<host>:<port>/<path>?<searchpart> | | where <host> and <port> are as described in Section 3.1. If :<port> | is omitted, the port defaults to 80. No user name or password is | allowed. ^^^^^^^^^^^^^^^^^^^^^^^^^^^ | ^^^^^^^^
<http://www.freesoft.org/CIE/RFC/1738/14.htm>
It is allowed for other schemes like FTP.
Micha
Ok, but this RFC is dated 1994, I guess it will be updated soon, since
afaik http://user:pass@host/ is inplemented in every important browser and
webspace providers advertise with the so-called "@-domains".
--
Simon Stienen <http://dangerouscat.net> <http://slashlife.de>
»What you do in this world is a matter of no consequence,
The question is, what can you make people believe that you have done.«
-- Sherlock Holmes in "A Study in Scarlet" by Sir Arthur Conan Doyle
On Fri, 24 Sep 2004 23:29:39 +0200, Simon Stienen
<si***********@news.slashlife.de> wrote: Ok, but this RFC is dated 1994, I guess it will be updated soon,
No, not likely.
--
Andy Hassall / <an**@andyh.co.uk> / <http://www.andyh.co.uk>
<http://www.andyhsoftware.co.uk/space> Space: disk usage analysis tool
"Bob Bedford" <be******@YouKnowWhatToDoHerehotmail.com> wrote in message
news:41***********************@news.sunrise.ch... I've protected a directory with an .htaccess file.
I'd like some of the files in this directory to be accessible by a
scheduler that runs an "URL". The problem is that the scheduler runs scripts in this directory, so the server asks a username and password. How to avoid this
??? Should I set the .htaccess file to allow GET, but how ??? and what would
be the URL ???
What exactly is this scheduler?
Chung Leong <ch***********@hotmail.com> wrote: "Bob Bedford" <be******@YouKnowWhatToDoHerehotmail.com> wrote in message news:41***********************@news.sunrise.ch... I've protected a directory with an .htaccess file.
I'd like some of the files in this directory to be accessible by a scheduler that runs an "URL". The problem is that the scheduler runs scripts in this directory, so the server asks a username and password. How to avoid this ??? Should I set the .htaccess file to allow GET, but how ??? and what would be the URL ???
What exactly is this scheduler?
The MS Windows "equivalent" for cron-jobs, but I don't know, how far the
functionality can compete with crons...
--
Simon Stienen <http://dangerouscat.net> <http://slashlife.de>
»What you do in this world is a matter of no consequence,
The question is, what can you make people believe that you have done.«
-- Sherlock Holmes in "A Study in Scarlet" by Sir Arthur Conan Doyle
Simon Stienen wrote: Ok, but this RFC is dated 1994,
RFC1738 has been updated by, amongst others, RFC2396 (1998),
the current spec of generic URI syntax. It'd be out of
place to define particular schemes there, but it does warn
against 'the passing of authentication information in clear
text' (sec. 3.2.2).
I guess it will be updated soon,
Don't guess about an RFC's status; search the index. http://www.rfc-editor.org/rfcsearch.html
since afaik http://user:pass@host/ is inplemented in every important browser and webspace providers advertise with the so-called "@-domains".
The ABNF in RFC2616, the authoritative reference for HTTP
URI syntax, doesn't allow usernames or passwords (also sec.
3.2.2).
--
Jock
"Simon Stienen" <si***********@news.slashlife.de> wrote in message
news:24**************@news.dangerouscat.net... Chung Leong <ch***********@hotmail.com> wrote: "Bob Bedford" <be******@YouKnowWhatToDoHerehotmail.com> wrote in message news:41***********************@news.sunrise.ch... I've protected a directory with an .htaccess file.
I'd like some of the files in this directory to be accessible by a scheduler that runs an "URL". The problem is that the scheduler runs scripts in
this directory, so the server asks a username and password. How to avoid
this ??? Should I set the .htaccess file to allow GET, but how ??? and what
would be the URL ???
What exactly is this scheduler?
The MS Windows "equivalent" for cron-jobs, but I don't know, how far the functionality can compete with crons...
Schedule wget or Netscape instead of IE and use the http://user:password@server/ syntax.
Chung Leong <ch***********@hotmail.com> wrote: "Simon Stienen" <si***********@news.slashlife.de> wrote in message news:24**************@news.dangerouscat.net... Chung Leong <ch***********@hotmail.com> wrote: "Bob Bedford" <be******@YouKnowWhatToDoHerehotmail.com> wrote in message news:41***********************@news.sunrise.ch... I've protected a directory with an .htaccess file.
I'd like some of the files in this directory to be accessible by a scheduler that runs an "URL". The problem is that the scheduler runs scripts in this directory, so the server asks a username and password. How to avoid this ??? Should I set the .htaccess file to allow GET, but how ??? and what would be the URL ???
What exactly is this scheduler?
The MS Windows "equivalent" for cron-jobs, but I don't know, how far the functionality can compete with crons...
Schedule wget or Netscape instead of IE and use the http://user:password@server/ syntax.
_I_ do have an unix server and therefore cron jobs :)
Anyway, the OP doesn't.
Instead of wget or Netscape, he could also call the PHP CLI to generate the
requests...
The one of PEAR should be just fine (never worked with PEAR :S) or any self
written... My own function for this is up at
<http://trashbin.dangerouscat.net/div/webcontent.php.txt>
(Hey, I wrote it for me, so it doesn't need any comments ;P)
--
Simon Stienen <http://dangerouscat.net> <http://slashlife.de>
»What you do in this world is a matter of no consequence,
The question is, what can you make people believe that you have done.«
-- Sherlock Holmes in "A Study in Scarlet" by Sir Arthur Conan Doyle This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics
by: yawnmoth |
last post by:
i'm trying to write a php script that will password protect some
random directory by creating a .htaccess file, and a password file to
accompany the .htaccess file, and it isn't working... ...
|
by: Joshua Beall |
last post by:
Hi All,
How do I disable magic quotes via .htaccess?
I put the following file in my webroot, but it does not disable
magic_quotes_gpc (according to phpinfo(), both the local and master value...
|
by: Ivo |
last post by:
Greetings newsgroup,
I am moving some php scripts to a new host. While getting to know the
server, I ran into a strange problem.
If I add a .htaccess file, or more specifically: a .htaccess with...
|
by: John |
last post by:
Hello.
I want to get this blasted .htaccess file sorted out, so I can have
sessions without register_globals being on.
I have looked everywhere for info on this and I mean everywhere...
|
by: Stoco |
last post by:
I am trying to create a generic interface that will manage various
..htaccess protected directories. In the ideal world, the .htaccess
would trigger a cgi script that would take login information...
|
by: Bill |
last post by:
Does ASP have a file whose function is similar to .htaccess on Apache? I'm
looking to protect subdirectory content.
|
by: Jack Hambabo |
last post by:
Hi,
I'm searching for a php script that can find out whether the current
user (I know _SERVER will give me the name for
non-cgi php) has the right to view a specific file.
My dream is that I...
|
by: nickyeng |
last post by:
I have checked this info from apache website, and i confused with it.
Procteing System files
it said:
To run a really tight ship, you'll want to stop users from setting up .htaccess files...
|
by: asherwolf |
last post by:
Hi,
I'm trying to do something I think is pretty neat, but I've just about pulled my hair out by the behavior of my server. I'm hosting on GoDaddy, using a subdomain (www.mywebpage.com maps to...
|
by: jaanus |
last post by:
Here we go...
What I have been trying to do is to forward all http requests containing /cms/ to http://cms.mydomain.com/
example1: http://host1.mydomain.com/cms/init.php would be parsed from...
|
by: MeoLessi9 |
last post by:
I have VirtualBox installed on Windows 11 and now I would like to install Kali on a virtual machine. However, on the official website, I see two options: "Installer images" and "Virtual machines"....
|
by: DolphinDB |
last post by:
The formulas of 101 quantitative trading alphas used by WorldQuant were presented in the paper 101 Formulaic Alphas. However, some formulas are complex, leading to challenges in calculation.
Take...
|
by: Aftab Ahmad |
last post by:
So, I have written a code for a cmd called "Send WhatsApp Message" to open and send WhatsApp messaage. The code is given below.
Dim IE As Object
Set IE =...
|
by: ryjfgjl |
last post by:
ExcelToDatabase: batch import excel into database automatically...
|
by: isladogs |
last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM).
In this month's session, we are pleased to welcome back...
|
by: marcoviolo |
last post by:
Dear all,
I would like to implement on my worksheet an vlookup dynamic , that consider a change of pivot excel via win32com, from an external excel (without open it) and save the new file into a...
|
by: isladogs |
last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM).
In this month's session, we are pleased to welcome back...
|
by: ArrayDB |
last post by:
The error message I've encountered is; ERROR:root:Error generating model response: exception: access violation writing 0x0000000000005140, which seems to be indicative of an access violation...
|
by: PapaRatzi |
last post by:
Hello,
I am teaching myself MS Access forms design and Visual Basic. I've created a table to capture a list of Top 30 singles and forms to capture new entries. The final step is a form (unbound)...
| |