Re: M$loth messes with our sites (again)

This WebDNA talk-list message is from 2004. It keeps the original formatting.
Clint,

I use this scheme, but I'll be the first to admit that there's probably a better (more elegant/effective) way... that said, I've had it in use for about 5 months now, and as far as I can tell, it works pretty well.

Your_login_page.html has a 2-field form on it ("USER_NAME" & "PASS_WORD"), and a few [showif]s to handle the errors.

---------------------------------
[!] -- ## Reject if referrer is not Login Page -- [/!]
[hideif [referrer]^http://www.yoursite.com/your_login_page.html]
  [redirect your_login_page.html]
[/hideif]
[!] -- ## END Reject if referrer is not Login Page -- [/!]

[!] -- ## Reject blank username or password -- [/!]
[showif [USER_NAME]=]
  [redirect your_login_page.html?error=USERNAME_BLANK[hideif [user_name]=]&user_name=[user_name][/hideif]]
[/showif]
[showif [PASS_WORD]=]
  [redirect your_login_page.html?error=PASSWORD_BLANK[hideif [user_name]=]&user_name=[user_name][/hideif]]
[/showif]

[!] -- ## Look up the submitted username -- [/!]
[text show=f]AUTHENTICATED_USERNAME=[lookup db=your_login.db&lookinfield=USER_NAME&value=[USER_NAME]&returnfield=USER_NAME&notFound=NOT_FOUND][/text]
[showif [AUTHENTICATED_USERNAME]=NOT_FOUND]
  [redirect your_login_page.html?error=USERNAME_NOTFOUND[hideif [user_name]=]&user_name=[user_name][/hideif]]
[/showif]

[!] -- ## Compare the submitted password with the stored one -- [/!]
[text show=f]AUTHENTICATED_PASSWORD=[lookup db=your_login.db&lookinfield=USER_NAME&value=[AUTHENTICATED_USERNAME]&returnfield=PASS_WORD&notFound=NOT_FOUND][/text]
[hideif [PASS_WORD]=[AUTHENTICATED_PASSWORD]]
  [redirect your_login_page.html?error=PASSWORD_NOTFOUND[hideif [user_name]=]&user_name=[user_name][/hideif]]
[/hideif]
---------------------------------

HTH
-Dan

------------------------------------------------------------
http://www.StrongGraphicDesign.com
http://www.SearchBoise.com
------------------------------------------------------------

On Tue, 03 Feb 2004 13:55:41 -0600 Clint Davis wrote:

>This is going to f#@$ up at least 3 of my client's sites that use this
>method of login.
>
>I have a form set up where users enter the username and password. The form
>posts to the same page where the user/pass combo is checked against the
>Users.db.
>
>If a match is found, the user is redirected to a
>http://username:password@domain.tld/home.tpl page so that IE caches the
>information and prevents an authentication dialog.
>
>Does anyone else have a cross-browser, cross-platform method of logging in
>through a form?
>
>
>
>On 2/3/04 9:06 AM, "John Peacock" wrote:
>
>> I am aware that in the past there was discussion of people using
>>
>> http://username:password@domain.tld
>>
>> with their sites (for various purposes including Log Out from a secure site).
>> However, M$loth has disabled this feature in order to paper over other problems
>> with their security model. Here are the details:
>>
>> http://support.microsoft.com/default.aspx?scid=kb;en-us;834489
>>
>> Note especially that this stupid regression can only be disabled by editing the
>> registry.
>>
>> Yet another reason to run Mozilla/Opera/etc...
>
>
>-------------------------------------------------------------
>This message is sent to you because you are subscribed to
> the mailing list .
>To unsubscribe, E-mail to:
>To switch to the DIGEST mode, E-mail to
>Web Archive of this list is at: http://webdna.smithmicro.com/

Associated Messages, from the most recent to the oldest:

    
  1. Re: M$loth messes with our sites (again) 2004/02/03 ( Clint Davis 2004)
  2. Re: M$loth messes with our sites (again) 2004/02/03 ( Kalin Mintchev 2004)
  3. Re: M$loth messes with our sites (again) 2004/02/03 ( Clint Davis 2004)
  4. Re: M$loth messes with our sites (again) 2004/02/03 ( Glenn Busbin 2004)
  5. Re: M$loth messes with our sites (again) 2004/02/03 ( Clint Davis 2004)
  6. Re: M$loth messes with our sites (again) 2004/02/03 ( Kalin Mintchev 2004)
  7. Re: M$loth messes with our sites (again) 2004/02/03 ( "Sal D'Anna" 2004)
  8. Re: M$loth messes with our sites (again) 2004/02/03 ( Kalin Mintchev 2004)
  9. Re: M$loth messes with our sites (again) ( "Dan Strong" 2004)
  10. Re: M$loth messes with our sites (again) ( Clint Davis 2004)
  11. Re: M$loth messes with our sites (again) ( "Dan Strong" 2004)
  12. Re: M$loth messes with our sites (again) ( Clint Davis 2004)
  13. Re: M$loth messes with our sites (again) ( Rob Marquardt 2004)
  14. M$loth messes with our sites (again) ( John Peacock 2004)
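Added example, not part of the original post or of WebDNA: the form-login decision flow from the message above, written in Python rather than WebDNA, with three defensive variations. The stored password is a salted PBKDF2 hash, "no such user" and "wrong password" share one error code, and a successful login returns a random session token for a cookie instead of a `username:password@` URL. `USERS`, `SESSIONS`, `login`, `LOGIN_FAILED` and the iteration count are hypothetical names and values, and the sample account is constructed.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 200_000  # PBKDF2 work factor (assumed value for this example)

def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def make_record(password: str) -> dict:
    """Build the stored form of a password: random salt plus PBKDF2 hash."""
    salt = secrets.token_bytes(16)
    return {"salt": salt, "hash": hash_password(password, salt)}

# Constructed stand-in for your_login.db; no plaintext PASS_WORD column.
USERS = {"clint": make_record("correct horse battery")}
# Throwaway record so an unknown user costs the same hashing work as a real one.
_DUMMY = make_record(secrets.token_hex(16))
SESSIONS = {}  # hypothetical in-memory table: session token -> user name

def login(user_name: str, pass_word: str) -> dict:
    """Check a posted USER_NAME / PASS_WORD pair and open a session."""
    # Blank-field errors reveal nothing about accounts, so they stay distinct.
    if not user_name:
        return {"ok": False, "error": "USERNAME_BLANK"}
    if not pass_word:
        return {"ok": False, "error": "PASSWORD_BLANK"}
    record = USERS.get(user_name, _DUMMY)
    candidate = hash_password(pass_word, record["salt"])
    # compare_digest takes the same time wherever the two values differ.
    matches = hmac.compare_digest(candidate, record["hash"])
    if not (matches and user_name in USERS):
        # One code for "no such user" and "wrong password".
        return {"ok": False, "error": "LOGIN_FAILED"}
    token = secrets.token_urlsafe(32)  # goes in a cookie, never in the URL
    SESSIONS[token] = user_name
    return {"ok": True, "session": token}
```

The Referer header is supplied by the client, so this sketch makes no decision based on it.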

DOWNLOAD WEBDNA NOW!

Top Articles:

Talk List

The WebDNA community talk-list is the best place to get some help: several hundred extremely proficient programmers with an excellent knowledge of WebDNA and an excellent spirit will deliver all the tips and tricks you can imagine...

Related Readings:

Gettting IPAddress (2001) problems with 2 tags shakur (1997) searching twice on same field (1998) Ok, I'm stumped (1998) PCS Frames (1997) Further tests with the infamous shipCost (1997) [WebDNA] WebDNA code validator (2011) multiple search commands (1997) Up and running ... at last !! (1997) Help! WebCat2 bug (1997) Webstar 1.3.1 PPC (1997) Passing Variables.. yikes, I'm dumb (2000) Email within tmpl ? (1997) turning every 5th line red (1998) [HIDEIF] inside [FOUNDITEM] (1997) [WebDNA] WebDNA 8.6 announced - New features (2018) Setting up shop (1997) Location of Browser Info.txt file (1997) can you take a look (2003) Sorting by date (1997)