httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Mike McMullen" <...@loanprocessing.net>
Subject Re: [users@httpd] Fw: GET and auth_digest
Date Sun, 11 Apr 2004 04:12:16 GMT

----- Original Message ----- 
From: "Joshua Slive" <joshua@slive.ca>
To: <users@httpd.apache.org>
Sent: Saturday, April 10, 2004 8:14 PM
Subject: Re: [users@httpd] Fw: GET and auth_digest


>
> On Sat, 10 Apr 2004, Mike McMullen wrote:
> > Unfortunately I don't have control of the browsers that will be using
the
> > actual
> > CGI applications we provide clients. We would like to use auth_digest
and
> > SSL for
> > security reasons. All of our customers are MSIE users and very
> > non-technical.
> >
> > I'm fairly new to all this so if my questions seem a little dim, I
> > apologize. What alternatives
> > do I have to work around this? Does this require I use the development
code
> > and build
> > my own server from source? I'm a little hesitant to do that in a
production
> > environment. If there
> > is anyway I can change either CGI or setup to get it to work with
digest?
>
> You have a couple options.
>
> 1.  Apply the patch that I mentioned, rebuild apache (./config.nice
> from the source directory) and then add
> BrowserMatch MSIE AuthDigestEnableQueryStringHack
> to httpd.conf.  I image that the patch should apply cleanly to 2.0,
> although I haven't tried it myself.  This way you get the fix without
> having to run an unstable version.
>
> 2. Make sure that you don't use any query string.  You can do this by
> using POST instead of GET in forms, or by passing parameters to the CGI
> script in the form of PATH_INFO (as in
> http://example.com/script.cgi/parameter1/parameter2/etc)
>
> Joshua.
>

This is extremely helpful! I really appreciate you taking the time to help
me with this.

Thanks!

Mike


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message