Apache Realms and [PROTECT]

This WebDNA talk-list message is from

2003


It keeps the original formatting.
numero = 53681
interpreted = N
texte = I have a site that uses WebDNA to authenticate users. Users enter their username/password in a form, and WebDNA checks their info against the Users.db file. If the info is valid, they are redirected to a new [PROTECT]'ed page using the following scheme. This allows the browser to cache the username/password info. http://username:password@www.mydomain.com/home.tpl This has worked well for months, but users found out that they were able to access Word/Excel documents in the "files" directory on this site by calling them up via the correct address/path. This allowed them to bypass the login page, so I set up an Apache realm to protect the "files" directory and all subdirectories/files within it. Even when they're logged in properly, some users are now presented with an authentication dialog when they try to access a Word or Excel document in the "files" directory. Is there a problem with using [PROTECT] and my login scheme with Apache realms? I can post the login code if it will help. --------------------------------------------------------------------- Clint Davis Webmaster / Interactive Media Specialist Gray Loon Marketing Group, Inc. http://www.grayloon.com 204 Main Street | Evansville, IN 47708 | Phone:812-422-9999 --------------------------------------------------------------------- ------------------------------------------------------------- This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to Web Archive of this list is at: http://webdna.smithmicro.com/ Associated Messages, from the most recent to the oldest:

    
  1. Re: Apache Realms and [PROTECT] ( Clint Davis 2003)
  2. Apache Realms and [PROTECT] ( Clint Davis 2003)
I have a site that uses WebDNA to authenticate users. Users enter their username/password in a form, and WebDNA checks their info against the Users.db file. If the info is valid, they are redirected to a new [protect]'ed page using the following scheme. This allows the browser to cache the username/password info. http://username:password@www.mydomain.com/home.tpl This has worked well for months, but users found out that they were able to access Word/Excel documents in the "files" directory on this site by calling them up via the correct address/path. This allowed them to bypass the login page, so I set up an Apache realm to protect the "files" directory and all subdirectories/files within it. Even when they're logged in properly, some users are now presented with an authentication dialog when they try to access a Word or Excel document in the "files" directory. Is there a problem with using [protect] and my login scheme with Apache realms? I can post the login code if it will help. --------------------------------------------------------------------- Clint Davis Webmaster / Interactive Media Specialist Gray Loon Marketing Group, Inc. http://www.grayloon.com 204 Main Street | Evansville, IN 47708 | Phone:812-422-9999 --------------------------------------------------------------------- ------------------------------------------------------------- This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to Web Archive of this list is at: http://webdna.smithmicro.com/ Clint Davis

DOWNLOAD WEBDNA NOW!

Top Articles:

Talk List

The WebDNA community talk-list is the best place to get some help: several hundred extremely proficient programmers with an excellent knowledge of WebDNA and an excellent spirit will deliver all the tips and tricks you can imagine...

Related Readings:

Almost There But? WebCat Keeps Changing Cart Numbers on Me! (2002) PIXO support (1997) Problem 2 of 2 (was: Shipping Confusion) (2000) [WebDNA] Sorry WebDNA server not running /Template ERROR/ Slow speeds (2019) can WC render sites out? (1997) [WebDNA] .htm files (2008) Country & Ship-to address & other fields ? (1997) WebCatalog Hosting (1996) RE: Ongoing group search problems ... (1997) Limit to Field Length in DB (1998) setting HTTP response header (1998) Error Msg (1997) [Announce] Newest Commerce Site based on WebCatalog (1997) 2.0.1 new commands and contexts (1997) How long until WebDNA makes the list? :( (2004) File Upload (1997) 2.1 bugs left over from beta cycle (1998) Ampersand (1997) customizing the color of user's pages (1997) Re:2nd WebCatalog2 Feature Request (1996)