Re: M$loth messes with our sites (again)

This WebDNA talk-list message is from 2004.

It keeps the original formatting.
numero = 55885
interpreted = N
texte = Clint, I use this scheme, but I'll be the first to admit that there's probably a better (more elegant/effective) way... that said, I've had it in use for about 5 months now, and as far as I can tell, it works pretty well.

Your_login_page.html has a 2-field form on it ("USER_NAME" & "PASS_WORD"), and a few [showif]s to handle the errors.

---------------------------------
[!] -- ## Reject if referrer is not Login Page -- [/!]
[hideif [referrer]^http://www.yoursite.com/your_login_page.html]
[redirect your_login_page.html]
[/hideif]
[!] -- ## END Reject if referrer is not Login Page -- [/!]

[showif [USER_NAME]=]
[redirect your_login_page.html?error=USERNAME_BLANK[hideif [user_name]=]&user_name=[user_name][/hideif]]
[/showif]

[showif [PASS_WORD]=]
[redirect your_login_page.html?error=PASSWORD_BLANK[hideif [user_name]=]&user_name=[user_name][/hideif]]
[/showif]

[text show=f]AUTHENTICATED_USERNAME=[lookup db=your_login.db&lookinfield=USER_NAME&value=[USER_NAME]&returnfield=USER_NAME&notFound=NOT_FOUND][/text]

[showif [AUTHENTICATED_USERNAME]=NOT_FOUND]
[redirect your_login_page.html?error=USERNAME_NOTFOUND[hideif [user_name]=]&user_name=[user_name][/hideif]]
[/showif]

[text show=f]AUTHENTICATED_PASSWORD=[lookup db=your_login.db&lookinfield=USER_NAME&value=[AUTHENTICATED_USERNAME]&returnfield=PASS_WORD&notFound=NOT_FOUND][/text]

[hideif [PASS_WORD]=[AUTHENTICATED_PASSWORD]]
[redirect your_login_page.html?error=PASSWORD_NOTFOUND[hideif [user_name]=]&user_name=[user_name][/hideif]]
[/hideif]
---------------------------------

HTH
-Dan

------------------------------------------------------------
http://www.StrongGraphicDesign.com
http://www.SearchBoise.com
------------------------------------------------------------

On Tue, 03 Feb 2004 13:55:41 -0600 Clint Davis wrote:

>This is going to f#@$ up at least 3 of my client's sites that use this
>method of login.
>
>I have a form set up where users enter the username and password. The form
>posts to the same page where the user/pass combo is checked against the
>Users.db.
>
>If a match is found, the user is redirected to a
>http://username:password@domain.tld/home.tpl page so that IE caches the
>information and prevents an authentication dialog.
>
>Does anyone else have a cross-browser, cross-platform method of logging in
>through a form?
>
>
>
>On 2/3/04 9:06 AM, "John Peacock" wrote:
>
>> I am aware that in the past there was discussion of people using
>>
>> http://username:password@domain.tld
>>
>> with their sites (for various purposes including Log Out from a secure site).
>> However, M$loth has disabled this feature in order to paper over other problems
>> with their security model. Here are the details:
>>
>> http://support.microsoft.com/default.aspx?scid=kb;en-us;834489
>>
>> Note especially that this stupid regression can only be disabled by editing the
>> registry.
>>
>> Yet another reason to run Mozilla/Opera/etc...
>
>
>-------------------------------------------------------------
>This message is sent to you because you are subscribed to
> the mailing list .
>To unsubscribe, E-mail to:
>To switch to the DIGEST mode, E-mail to
>Web Archive of this list is at: http://webdna.smithmicro.com/

Associated Messages, from the most recent to the oldest:

    
  1. Re: M$loth messes with our sites (again) 2004/02/03 ( Clint Davis 2004)
  2. Re: M$loth messes with our sites (again) 2004/02/03 ( Kalin Mintchev 2004)
  3. Re: M$loth messes with our sites (again) 2004/02/03 ( Clint Davis 2004)
  4. Re: M$loth messes with our sites (again) 2004/02/03 ( Glenn Busbin 2004)
  5. Re: M$loth messes with our sites (again) 2004/02/03 ( Clint Davis 2004)
  6. Re: M$loth messes with our sites (again) 2004/02/03 ( Kalin Mintchev 2004)
  7. Re: M$loth messes with our sites (again) 2004/02/03 ( "Sal D'Anna" 2004)
  8. Re: M$loth messes with our sites (again) 2004/02/03 ( Kalin Mintchev 2004)
  9. Re: M$loth messes with our sites (again) ( "Dan Strong" 2004)
  10. Re: M$loth messes with our sites (again) ( Clint Davis 2004)
  11. Re: M$loth messes with our sites (again) ( "Dan Strong" 2004)
  12. Re: M$loth messes with our sites (again) ( Clint Davis 2004)
  13. Re: M$loth messes with our sites (again) ( Rob Marquardt 2004)
  14. M$loth messes with our sites (again) ( John Peacock 2004)
"Dan Strong"
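
The form-login flow from the message above, written as an added Python example (not code from the original post or from WebDNA). It goes beyond the posted scheme: it ignores the client-supplied Referer, returns one error for both an unknown user and a wrong password, compares salted PBKDF2 hashes in constant time, and issues a session cookie in place of the `http://username:password@domain.tld` redirect described in the quoted text. The `login` function, the `LOGIN_FAILED` code, the `USERS` and `SESSIONS` stores, the sample account and the iteration count are assumptions of this example.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 200_000  # assumed PBKDF2 work factor for this example


def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def make_user(password: str) -> dict:
    salt = secrets.token_bytes(16)
    return {"salt": salt, "hash": hash_password(password, salt)}


# Constructed sample data standing in for your_login.db (hashes, not PASS_WORD text).
USERS = {"clint": make_user("correct horse")}
# Dummy record so an unknown username costs the same work as a known one.
DUMMY = make_user(secrets.token_hex(16))
SESSIONS = {}  # session token -> username, kept server-side


def login(form: dict, headers: dict) -> dict:
    """Return the redirect target (and cookie, on success) for a login POST."""
    # headers, including Referer, are client-controlled and are not consulted.
    user = form.get("USER_NAME", "").strip()
    password = form.get("PASS_WORD", "")
    if not user:
        return {"redirect": "your_login_page.html?error=USERNAME_BLANK"}
    if not password:
        return {"redirect": "your_login_page.html?error=PASSWORD_BLANK"}
    record = USERS.get(user, DUMMY)
    candidate = hash_password(password, record["salt"])
    ok = hmac.compare_digest(candidate, record["hash"]) and user in USERS
    if not ok:
        # One error code for both unknown user and wrong password.
        return {"redirect": "your_login_page.html?error=LOGIN_FAILED"}
    token = secrets.token_urlsafe(32)
    SESSIONS[token] = user
    # Credentials never appear in the URL; the browser carries only the token.
    cookie = f"session={token}; HttpOnly; Secure; SameSite=Lax; Path=/"
    return {"redirect": "home.tpl", "set_cookie": cookie}
```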
