httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Tim Wood <>
Subject Re: [users@httpd] microsoft security patch
Date Thu, 05 Feb 2004 18:46:43 GMT
At 09:08 AM 02/05/04, you wrote:
>As most of you know microsoft released a patch on the 2nd that stopped strings like http://user:password@URL
>well..I use this functionality and now my reports aren't working, their workarounds don't
work for me
>I'm trying to pass in the username and password in apache so IE doesn't die, but I also
want to hide the string.

Why start now?

>Something like
>ProxyPass /auth/ http://user:pass@server/auth
>ProxyPassReverse /auth/ http://user:pass@server/auth
>is what I'm looking for but obviously that won't work.

Please start doing minimal security.  All users will need to log in, then you can give them
a persistent cookie (with a longish expiration date) that authenticates them for the report
URL in the future.


The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:> for more info.
To unsubscribe, e-mail:
   "   from the digest:
For additional commands, e-mail:

View raw message