Re: Apache Realms and [PROTECT]

This WebDNA talk-list message is from

2003


It keeps the original formatting.
numero = 53682
interpreted = N
texte = More details: My client logged in using his username/password, and everything worked fine. He logged out then logged in again using a different username/password combo on the same computer with the same browser, and the Authentication dialog box is popping up when files inside the realm are clicked. Both users are members of the same WebDNA group. What could cause this? On 10/29/03 1:37 PM, "Clint Davis" wrote: > I have a site that uses WebDNA to authenticate users. Users enter their > username/password in a form, and WebDNA checks their info against the > Users.db file. If the info is valid, they are redirected to a new > [PROTECT]'ed page using the following scheme. This allows the browser to > cache the username/password info. > > http://username:password@www.mydomain.com/home.tpl > > This has worked well for months, but users found out that they were able to > access Word/Excel documents in the "files" directory on this site by calling > them up via the correct address/path. This allowed them to bypass the login > page, so I set up an Apache realm to protect the "files" directory and all > subdirectories/files within it. > > Even when they're logged in properly, some users are now presented with an > authentication dialog when they try to access a Word or Excel document in > the "files" directory. > > Is there a problem with using [PROTECT] and my login scheme with Apache > realms? > > I can post the login code if it will help. --------------------------------------------------------------------- Clint Davis Webmaster / Interactive Media Specialist Gray Loon Marketing Group, Inc. http://www.grayloon.com 204 Main Street | Evansville, IN 47708 | Phone:812-422-9999 --------------------------------------------------------------------- ------------------------------------------------------------- This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to Web Archive of this list is at: http://webdna.smithmicro.com/ Associated Messages, from the most recent to the oldest:

    
  1. Re: Apache Realms and [PROTECT] ( Clint Davis 2003)
  2. Apache Realms and [PROTECT] ( Clint Davis 2003)
More details: My client logged in using his username/password, and everything worked fine. He logged out then logged in again using a different username/password combo on the same computer with the same browser, and the Authentication dialog box is popping up when files inside the realm are clicked. Both users are members of the same WebDNA group. What could cause this? On 10/29/03 1:37 PM, "Clint Davis" wrote: > I have a site that uses WebDNA to authenticate users. Users enter their > username/password in a form, and WebDNA checks their info against the > Users.db file. If the info is valid, they are redirected to a new > [protect]'ed page using the following scheme. This allows the browser to > cache the username/password info. > > http://username:password@www.mydomain.com/home.tpl > > This has worked well for months, but users found out that they were able to > access Word/Excel documents in the "files" directory on this site by calling > them up via the correct address/path. This allowed them to bypass the login > page, so I set up an Apache realm to protect the "files" directory and all > subdirectories/files within it. > > Even when they're logged in properly, some users are now presented with an > authentication dialog when they try to access a Word or Excel document in > the "files" directory. > > Is there a problem with using [protect] and my login scheme with Apache > realms? > > I can post the login code if it will help. --------------------------------------------------------------------- Clint Davis Webmaster / Interactive Media Specialist Gray Loon Marketing Group, Inc. http://www.grayloon.com 204 Main Street | Evansville, IN 47708 | Phone:812-422-9999 --------------------------------------------------------------------- ------------------------------------------------------------- This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to Web Archive of this list is at: http://webdna.smithmicro.com/ Clint Davis

DOWNLOAD WEBDNA NOW!

Top Articles:

Talk List

The WebDNA community talk-list is the best place to get some help: several hundred extremely proficient programmers with an excellent knowledge of WebDNA and an excellent spirit will deliver all the tips and tricks you can imagine...

Related Readings:

Include vs. lookup? (1998) Authenticate (1998) off topic - dna snipets (1997) [WebDNA] Encrypt / Decrypt weirdness..... plus some date weirdness (2015) Reversed words (1997) WebDNA-Talk Digest mode broken (1997) Hiding HTML and page breaks (1997) A multi-processor savvy WebCatalog? (1997) Group search doesn't work. (1997) [WriteFile] problems (1997) webcat and webkitty votes needed (1997) New Plug-in and Type 11 errors (1997) WebCat2b15MacPlugIn - [authenticate] not [protect] (1997) Cancel Subscription (1996) Error: Can't open order file. (2005) Search/sort in URL Was: GuestBook example (1997) (1997) Re1000001: Setting up shop (1997) Certificates? (2005) Webcat no longer supported? (2006)