httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Tim Wood <timwo...@pacbell.net>
Subject Re: [users@httpd] microsoft security patch
Date Thu, 05 Feb 2004 18:46:43 GMT
At 09:08 AM 02/05/04, you wrote:
>As most of you know microsoft released a patch on the 2nd that stopped strings like http://user:password@URL
>
>well..I use this functionality and now my reports aren't working, their workarounds don't
work for me
>I'm trying to pass in the username and password in apache so IE doesn't die, but I also
want to hide the string.

Why start now?

>Something like
>
>ProxyPass /auth/ http://user:pass@server/auth
>ProxyPassReverse /auth/ http://user:pass@server/auth
>
>is what I'm looking for but obviously that won't work.

Please start doing minimal security.  All users will need to log in, then you can give them
a persistent cookie (with a longish expiration date) that authenticates them for the report
URL in the future.

TW


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message