httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Crawford, Cole" <Cole.Crawf...@paymentech.com>
Subject RE: [users@httpd] microsoft security patch
Date Thu, 05 Feb 2004 20:35:46 GMT
ok..this is not my code, this is for an application called Actuate(and this was actuate's recommended
implementation), I'm the unix admin trying to figure out a quick and dirty until the developers
can fix their code.

If you have no helpful information, please keep your personal comments to yourself.

Geroge, That is the next option.

Thanks,
cole

-----Original Message-----
From: Tim Wood [mailto:timwood0@pacbell.net]
Sent: Thursday, February 05, 2004 1:47 PM
To: users@httpd.apache.org
Subject: Re: [users@httpd] microsoft security patch


At 09:08 AM 02/05/04, you wrote:
>As most of you know microsoft released a patch on the 2nd that stopped strings like http://user:password@URL
>
>well..I use this functionality and now my reports aren't working, their workarounds don't
work for me
>I'm trying to pass in the username and password in apache so IE doesn't die, but I also
want to hide the string.

Why start now?

>Something like
>
>ProxyPass /auth/ http://user:pass@server/auth
>ProxyPassReverse /auth/ http://user:pass@server/auth
>
>is what I'm looking for but obviously that won't work.

Please start doing minimal security.  All users will need to log in, then you can give them
a persistent cookie (with a longish expiration date) that authenticates them for the report
URL in the future.

TW


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


  
Learn more about Paymentech's payment processing services at www.paymentech.com
THIS MESSAGE IS CONFIDENTIAL.  This e-mail message and any attachments are proprietary and
confidential information intended only for the use of the recipient(s) named above.  If you
are not the intended recipient, you may not print, distribute, or copy this message or any
attachments.  If you have received this communication in error, please notify the sender by
return e-mail and delete this message and any attachments from your computer.
~2

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message