httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Rob Hartill <>
Subject [BUG]: "authentication bypassed by MSIE 3.01 users" on Solaris 2.x (fwd)
Date Wed, 12 Mar 1997 13:10:10 GMT

Please tell me he's mistaken. This sounds too stupid to be true.

---------- Forwarded message ----------
Date: Tue Mar 11 21:12:48 1997
Subject: [BUG]: "authentication bypassed by MSIE 3.01 users" on Solaris 2.x

Operating system: Solaris 2.x, version: 
Version of Apache Used: 1.2b4
Extra Modules used: 
URL exhibiting problem: 

Users of MS IE 3.01 (on NT 4.0) are able to
bypass authentication by pressing the cancel button
when asked to supply a user name and password.

Apache serves the pages, and writes a blank in
the access log as the auth user. (Rather than the
"-" for an unknown user.)

Other versions of MS IE, and other brosers are not
able to do this. (They get an "authorisation
failed" error message)

This is not listed in the bug list. I am upgrading
to 1.2b7 to see if it exhibits the problem.



View raw message