Apache Realms and [PROTECT]

This WebDNA talk-list message is from

2003

It keeps the original formatting. numero = 53681
interpreted = N
texte = I have a site that uses WebDNA to authenticate users. Users enter theirusername/password in a form, and WebDNA checks their info against theUsers.db file. If the info is valid, they are redirected to a new[PROTECT]'ed page using the following scheme. This allows the browser tocache the username/password info.http://username:password@www.mydomain.com/home.tplThis has worked well for months, but users found out that they were able toaccess Word/Excel documents in the "files" directory on this site by callingthem up via the correct address/path. This allowed them to bypass the loginpage, so I set up an Apache realm to protect the "files" directory and allsubdirectories/files within it.Even when they're logged in properly, some users are now presented with anauthentication dialog when they try to access a Word or Excel document inthe "files" directory.Is there a problem with using [PROTECT] and my login scheme with Apacherealms?I can post the login code if it will help.---------------------------------------------------------------------Clint DavisWebmaster / Interactive Media SpecialistGray Loon Marketing Group, Inc. http://www.grayloon.com204 Main Street | Evansville, IN 47708 | Phone:812-422-9999----------------------------------------------------------------------------------------------------------------------------------This message is sent to you because you are subscribed to the mailing list .To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to Web Archive of this list is at: http://webdna.smithmicro.com/ Associated Messages, from the most recent to the oldest:

Re: Apache Realms and [PROTECT] ( Clint Davis 2003)
Apache Realms and [PROTECT] ( Clint Davis 2003)

I have a site that uses WebDNA to authenticate users. Users enter theirusername/password in a form, and WebDNA checks their info against theUsers.db file. If the info is valid, they are redirected to a new[protect]'ed page using the following scheme. This allows the browser tocache the username/password info.http://username:password@www.mydomain.com/home.tplThis has worked well for months, but users found out that they were able toaccess Word/Excel documents in the "files" directory on this site by callingthem up via the correct address/path. This allowed them to bypass the loginpage, so I set up an Apache realm to protect the "files" directory and allsubdirectories/files within it.Even when they're logged in properly, some users are now presented with anauthentication dialog when they try to access a Word or Excel document inthe "files" directory.Is there a problem with using [protect] and my login scheme with Apacherealms?I can post the login code if it will help.---------------------------------------------------------------------Clint DavisWebmaster / Interactive Media SpecialistGray Loon Marketing Group, Inc. http://www.grayloon.com204 Main Street | Evansville, IN 47708 | Phone:812-422-9999----------------------------------------------------------------------------------------------------------------------------------This message is sent to you because you are subscribed to the mailing list .To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to Web Archive of this list is at: http://webdna.smithmicro.com/ Clint Davis

DOWNLOAD WEBDNA NOW!

Apache Realms and [PROTECT]

2003

Top Articles:

Related Readings: