It's been a long time since Netscape Navigator 4 would allow you to use the http://username:password@servername form of a URI (which is legitimate, per http://www.ietf.org/rfc/rfc1738.txt, section 3.1) for http authentication with any web server. I miss it a lot, I used it for the username on my own bookmarks! But this form has never been supported by IE and Mozilla, to my recollection (I think only ftp://username@server is supported). It needs to be implemented by the browser/client software to parse the URL properly. The best answer is to add functionality to your web application to recognize people through some other mechanism. Of course, there are tradeoffs for security when you use any of the following: cookie, certificate, session key, referring URL/IP, or a generic username/password to your area for everyone to easily remember. --Mark Mark Lavi, Enterprise Web Management Team @ SGI mailto:mlavi@xxxxxxx || phone:+1-650-933-7707 -----Original Message----- From: news [mailto:news@xxxxxxxxxxxxx] On Behalf Of Bo Berglund Sent: Monday, January 08, 2007 3:34 PM To: users@xxxxxxxxxxxxxxxx Subject: Re: How to compose an URL so that login is done??? On Tue, 9 Jan 2007 00:11:13 +0200, "Octavian Rasnita" <orasnita@xxxxxxxxx> wrote: >Yes I think you can do this using something like: > >http://username:password@xxxxxxxxxxxx/page.html > >But this method is not very secure, since anyone can take a look in the html >code of the help file, and the username/password are also shown in the >address bar of the browser when the user opens it. > I tried that but unfortunately it just generated a "page cannot be displayed" error... "someting like" is not working, maybe there is another kind of variation on that??? I know it is not secure, but that was not my concern because these users have the software that really should entitle them to access the site... Bo Berglund --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|