tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Matthew Mauriello" <mm578...@albany.edu>
Subject Re: Question about BASIC Authentication
Date Thu, 01 Jul 2010 23:17:20 GMT
Christopher,

Great news (for me), seems the problem was that because I was using
relative linking and sending the credentials to log the user in to SOLR
the links on the landing page were being recreated with the same
credentials in them so I just put in direct link locations in and and for
the most part the problem is solved. It also is more secure this way
because turns out I was revealing the passwords that I was trying to keep
hidden.

Thanks for the help!

~Matt

> Christopher,
>
> I may have found a problem in the SOLR header.jsp file that I am using in
> navigation. The header.jsp file might be trying to send headers,
> unfortunately I am not in the same location as the server so I will have
> to check this out tomorrow.
>
> I'll keep you posted,
>
> ~Matt
>
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>> Matthew,
>>
>> On 6/30/2010 8:20 PM, Matthew Mauriello wrote:
>>> The behavior seems rather strange to me in fact, I've seen other
>>> websites
>>> run on what looks to be BASIC Authentication without popping these
>>> browser
>>> messages when leaving secured sections.
>>
>> Most websites use HTTP AUTH consistently, at least for a particular URL
>> prefix.
>>
>>> See the http://user:password@website.com/SOLR is only used once and it
>>> might actually be http://user:password@website.com/SOLR/ I have to look
>>> into this.
>>>
>>> I feel like the authentication cookie is being created for the user and
>>> then being forwarded to every page the user visits after that.
>>>
>>> I am hoping to find some way of preventing this behavior.
>>
>> Well, for starters, what web browser are you using? Can you give me a
>> sample URL that I can use to play with a test version of your webapp?
>>
>> - -chris
>> -----BEGIN PGP SIGNATURE-----
>> Version: GnuPG v1.4.10 (MingW32)
>> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
>>
>> iEYEARECAAYFAkwr76cACgkQ9CaO5/Lv0PACLQCgjmn6kpeN1L3uQPuxpUEbHT8C
>> W/UAn1iaKySqcMfZNuttx7MjHYr6EqX4
>> =Yxdn
>> -----END PGP SIGNATURE-----
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>> For additional commands, e-mail: users-help@tomcat.apache.org
>>
>>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message