Apache Realms and [PROTECT]

This WebDNA talk-list message is from

2003


It keeps the original formatting.
numero = 53681
interpreted = N
texte = I have a site that uses WebDNA to authenticate users. Users enter their username/password in a form, and WebDNA checks their info against the Users.db file. If the info is valid, they are redirected to a new [PROTECT]'ed page using the following scheme. This allows the browser to cache the username/password info. http://username:password@www.mydomain.com/home.tpl This has worked well for months, but users found out that they were able to access Word/Excel documents in the "files" directory on this site by calling them up via the correct address/path. This allowed them to bypass the login page, so I set up an Apache realm to protect the "files" directory and all subdirectories/files within it. Even when they're logged in properly, some users are now presented with an authentication dialog when they try to access a Word or Excel document in the "files" directory. Is there a problem with using [PROTECT] and my login scheme with Apache realms? I can post the login code if it will help. --------------------------------------------------------------------- Clint Davis Webmaster / Interactive Media Specialist Gray Loon Marketing Group, Inc. http://www.grayloon.com 204 Main Street | Evansville, IN 47708 | Phone:812-422-9999 --------------------------------------------------------------------- ------------------------------------------------------------- This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to Web Archive of this list is at: http://webdna.smithmicro.com/ Associated Messages, from the most recent to the oldest:

    
  1. Re: Apache Realms and [PROTECT] ( Clint Davis 2003)
  2. Apache Realms and [PROTECT] ( Clint Davis 2003)
I have a site that uses WebDNA to authenticate users. Users enter their username/password in a form, and WebDNA checks their info against the Users.db file. If the info is valid, they are redirected to a new [protect]'ed page using the following scheme. This allows the browser to cache the username/password info. http://username:password@www.mydomain.com/home.tpl This has worked well for months, but users found out that they were able to access Word/Excel documents in the "files" directory on this site by calling them up via the correct address/path. This allowed them to bypass the login page, so I set up an Apache realm to protect the "files" directory and all subdirectories/files within it. Even when they're logged in properly, some users are now presented with an authentication dialog when they try to access a Word or Excel document in the "files" directory. Is there a problem with using [protect] and my login scheme with Apache realms? I can post the login code if it will help. --------------------------------------------------------------------- Clint Davis Webmaster / Interactive Media Specialist Gray Loon Marketing Group, Inc. http://www.grayloon.com 204 Main Street | Evansville, IN 47708 | Phone:812-422-9999 --------------------------------------------------------------------- ------------------------------------------------------------- This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to Web Archive of this list is at: http://webdna.smithmicro.com/ Clint Davis

DOWNLOAD WEBDNA NOW!

Top Articles:

Talk List

The WebDNA community talk-list is the best place to get some help: several hundred extremely proficient programmers with an excellent knowledge of WebDNA and an excellent spirit will deliver all the tips and tricks you can imagine...

Related Readings:

(1997) Protect (1997) emailer setup (1997) webcatalog 2.1.3 ACGI Weirdness? (1998) Re[2]: Weird [blank] interpretation (1999) WebCat2b15MacPlugin - [protect] (1997) Bug Report, maybe (1997) email database file (2005) The Guru, The Mooseman, Susie and Is That Really the Only Manual? (1998) v6 Development copy download link seems to be offline? (2004) WebCat2 - [format thousands] (1997) Editor Recommendation for NT Users (1998) Mem per threads (1998) InternetWeek E-Commerce article (1998) Trouble with formula.db (1997) RE: [taxRate] [TaxTotal] ? (1997) Verifying both name and password (was: New Problem) (1997) Trouble serving graphics on protected templates (1998) Thanks Grant (1997) [Correction] Why does lineitems loop in sendmail = crash ? (2000)