Return-Path: Delivered-To: apmail-httpd-users-archive@www.apache.org Received: (qmail 77135 invoked from network); 11 Apr 2004 04:12:54 -0000 Received: from daedalus.apache.org (HELO mail.apache.org) (208.185.179.12) by minotaur-2.apache.org with SMTP; 11 Apr 2004 04:12:54 -0000 Received: (qmail 57473 invoked by uid 500); 11 Apr 2004 04:12:12 -0000 Delivered-To: apmail-httpd-users-archive@httpd.apache.org Received: (qmail 57099 invoked by uid 500); 11 Apr 2004 04:12:08 -0000 Mailing-List: contact users-help@httpd.apache.org; run by ezmlm Precedence: bulk Reply-To: users@httpd.apache.org list-help: list-unsubscribe: list-post: Delivered-To: mailing list users@httpd.apache.org Received: (qmail 57067 invoked from network); 11 Apr 2004 04:12:08 -0000 Received: from unknown (HELO loanprocessing.net) (69.3.31.187) by daedalus.apache.org with SMTP; 11 Apr 2004 04:12:08 -0000 Received: from Spike (016.116-113-64.ftth.swbr.surewest.net [64.113.116.16]) by loanprocessing.net (8.11.6/8.11.6) with SMTP id i3B4CFU31326 for ; Sat, 10 Apr 2004 21:12:15 -0700 Message-ID: <078701c41f7b$2d208180$0300a8c0@Spike> From: "Mike McMullen" To: References: <06ca01c41f50$566c0120$0300a8c0@Spike> <072b01c41f62$73944750$0300a8c0@Spike> Date: Sat, 10 Apr 2004 21:12:16 -0700 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2800.1158 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165 X-Baton-MailScanner-Information: Please contact the ISP for more information X-Baton-MailScanner: Found to be clean X-Spam-Rating: daedalus.apache.org 1.6.2 0/1000/N Subject: Re: [users@httpd] Fw: GET and auth_digest X-Spam-Rating: minotaur-2.apache.org 1.6.2 0/1000/N ----- Original Message ----- From: "Joshua Slive" To: Sent: Saturday, April 10, 2004 8:14 PM Subject: Re: [users@httpd] Fw: GET and auth_digest > > On Sat, 10 Apr 2004, Mike McMullen wrote: > > Unfortunately I don't have control of the browsers that will be using the > > actual > > CGI applications we provide clients. We would like to use auth_digest and > > SSL for > > security reasons. All of our customers are MSIE users and very > > non-technical. > > > > I'm fairly new to all this so if my questions seem a little dim, I > > apologize. What alternatives > > do I have to work around this? Does this require I use the development code > > and build > > my own server from source? I'm a little hesitant to do that in a production > > environment. If there > > is anyway I can change either CGI or setup to get it to work with digest? > > You have a couple options. > > 1. Apply the patch that I mentioned, rebuild apache (./config.nice > from the source directory) and then add > BrowserMatch MSIE AuthDigestEnableQueryStringHack > to httpd.conf. I image that the patch should apply cleanly to 2.0, > although I haven't tried it myself. This way you get the fix without > having to run an unstable version. > > 2. Make sure that you don't use any query string. You can do this by > using POST instead of GET in forms, or by passing parameters to the CGI > script in the form of PATH_INFO (as in > http://example.com/script.cgi/parameter1/parameter2/etc) > > Joshua. > This is extremely helpful! I really appreciate you taking the time to help me with this. Thanks! Mike --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See for more info. To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org " from the digest: users-digest-unsubscribe@httpd.apache.org For additional commands, e-mail: users-help@httpd.apache.org