Re: M$loth messes with our sites (again)

This WebDNA talk-list message is from

2004


It keeps the original formatting.
numero = 55885
interpreted = N
texte = Clint, I use this scheme, but I'll be the first to admit that there's probably a better (more elegant/effective) way... that said, I've had it in use for about 5 months now, and as far as I can tell, it works pretty well. Your_login_page.html has a 2-field form on it ("USER_NAME" & "PASS_WORD"), and a few [showif]s to handle the errors. --------------------------------- [!] -- ## Reject if referrer is not Login Page -- [/!] [hideif [referrer]^http://www.yoursite.com/your_login_page.html] [redirect your_login_page.html] [/hideif] [!] -- ## END Reject if referrer is not Login Page -- [/!] [showif [USER_NAME]=] [redirect your_login_page.html?error=USERNAME_BLANK[hideif [user_name]=]&user_name=[user_name][/hideif]] [/showif] [showif [PASS_WORD]=] [redirect your_login_page.html?error=PASSWORD_BLANK[hideif [user_name]=]&user_name=[user_name][/hideif]] [/showif] [text show=f]AUTHENTICATED_USERNAME=[lookup db=your_login.db&lookinfield=USER_NAME&value=[USER_NAME]&returnfield=USER_NAME¬Found=NOT_FOUND][/text] [showif [AUTHENTICATED_USERNAME]=NOT_FOUND] [redirect your_login_page.html?error=USERNAME_NOTFOUND[hideif [user_name]=]&user_name=[user_name][/hideif]] [/showif] [text show=f]AUTHENTICATED_PASSWORD=[lookup db=your_login.db&lookinfield=USER_NAME&value=[AUTHENTICATED_USERNAME]&returnfield=PASS_WORD¬Found=NOT_FOUND][/text] [hideif [PASS_WORD]=[AUTHENTICATED_PASSWORD]] [redirect your_login_page.html?error=PASSWORD_NOTFOUND[hideif [user_name]=]&user_name=[user_name][/hideif]] [/hideif] --------------------------------- HTH -Dan ------------------------------------------------------------ http://www.StrongGraphicDesign.com http://www.SearchBoise.com ------------------------------------------------------------ On Tue, 03 Feb 2004 13:55:41 -0600 Clint Davis wrote: >This is going to f#@$ up at least 3 of my client's sites that use this >method of login. > >I have a form setup where users enter the username and password. The form >posts to the same page where the user/pass combo is checked against the >Users.db. > >If a match is found, the user redirected to a >http://username:password@domain.tld/home.tpl page so that IE caches the >information and prevents an authentication dialog. > >Does anyone else have cross-browser, cross-platform method of logging in >through a form? > > > >On 2/3/04 9:06 AM, "John Peacock" wrote: > >> I am aware that in the past there was discussion of people using >> >> http://username:password@domain.tld >> >> with their sites (for various purposes including Log Out from a secure site). >> However, M$loth has disable this feature in order to paper over other problems >> with their security model. Here are the details: >> >> http://support.microsoft.com/default.aspx?scid=kb;en-us;834489 >> >> Note especially that this stupid regression can only be disable by editing the >> registry. >> >> Yet another reason to run Mozilla/Opera/etc... > > >------------------------------------------------------------- >This message is sent to you because you are subscribed to > the mailing list . >To unsubscribe, E-mail to: >To switch to the DIGEST mode, E-mail to >Web Archive of this list is at: http://webdna.smithmicro.com/ ------------------------------------------------------------- This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to Web Archive of this list is at: http://webdna.smithmicro.com/ Associated Messages, from the most recent to the oldest:

    
  1. Re: M$loth messes with our sites (again) 2004/02/03 ( Clint Davis 2004)
  2. Re: M$loth messes with our sites (again) 2004/02/03 ( Kalin Mintchev 2004)
  3. Re: M$loth messes with our sites (again) 2004/02/03 ( Clint Davis 2004)
  4. Re: M$loth messes with our sites (again) 2004/02/03 ( Glenn Busbin 2004)
  5. Re: M$loth messes with our sites (again) 2004/02/03 ( Clint Davis 2004)
  6. Re: M$loth messes with our sites (again) 2004/02/03 ( Kalin Mintchev 2004)
  7. Re: M$loth messes with our sites (again) 2004/02/03 ( "Sal D'Anna" 2004)
  8. Re: M$loth messes with our sites (again) 2004/02/03 ( Kalin Mintchev 2004)
  9. Re: M$loth messes with our sites (again) ( "Dan Strong" 2004)
  10. Re: M$loth messes with our sites (again) ( Clint Davis 2004)
  11. Re: M$loth messes with our sites (again) ( "Dan Strong" 2004)
  12. Re: M$loth messes with our sites (again) ( Clint Davis 2004)
  13. Re: M$loth messes with our sites (again) ( Rob Marquardt 2004)
  14. M$loth messes with our sites (again) ( John Peacock 2004)
Clint, I use this scheme, but I'll be the first to admit that there's probably a better (more elegant/effective) way... that said, I've had it in use for about 5 months now, and as far as I can tell, it works pretty well. Your_login_page.html has a 2-field form on it ("USER_NAME" & "PASS_WORD"), and a few [showif]s to handle the errors. --------------------------------- [!] -- ## Reject if referrer is not Login Page -- [/!] [hideif [referrer]^http://www.yoursite.com/your_login_page.html] [redirect your_login_page.html] [/hideif] [!] -- ## END Reject if referrer is not Login Page -- [/!] [showif [USER_NAME]=] [redirect your_login_page.html?error=USERNAME_BLANK[hideif [user_name]=]&user_name=[user_name][/hideif]] [/showif] [showif [PASS_WORD]=] [redirect your_login_page.html?error=PASSWORD_BLANK[hideif [user_name]=]&user_name=[user_name][/hideif]] [/showif] [text show=f]AUTHENTICATED_USERNAME=[lookup db=your_login.db&lookinfield=USER_NAME&value=[USER_NAME]&returnfield=USER_NAME¬Found=NOT_FOUND][/text] [showif [AUTHENTICATED_USERNAME]=NOT_FOUND] [redirect your_login_page.html?error=USERNAME_NOTFOUND[hideif [user_name]=]&user_name=[user_name][/hideif]] [/showif] [text show=f]AUTHENTICATED_PASSWORD=[lookup db=your_login.db&lookinfield=USER_NAME&value=[AUTHENTICATED_USERNAME]&returnfield=PASS_WORD¬Found=NOT_FOUND][/text] [hideif [PASS_WORD]=[AUTHENTICATED_PASSWORD]] [redirect your_login_page.html?error=PASSWORD_NOTFOUND[hideif [user_name]=]&user_name=[user_name][/hideif]] [/hideif] --------------------------------- HTH -Dan ------------------------------------------------------------ http://www.StrongGraphicDesign.com http://www.SearchBoise.com ------------------------------------------------------------ On Tue, 03 Feb 2004 13:55:41 -0600 Clint Davis wrote: >This is going to f#@$ up at least 3 of my client's sites that use this >method of login. > >I have a form setup where users enter the username and password. The form >posts to the same page where the user/pass combo is checked against the >Users.db. > >If a match is found, the user redirected to a >http://username:password@domain.tld/home.tpl page so that IE caches the >information and prevents an authentication dialog. > >Does anyone else have cross-browser, cross-platform method of logging in >through a form? > > > >On 2/3/04 9:06 AM, "John Peacock" wrote: > >> I am aware that in the past there was discussion of people using >> >> http://username:password@domain.tld >> >> with their sites (for various purposes including Log Out from a secure site). >> However, M$loth has disable this feature in order to paper over other problems >> with their security model. Here are the details: >> >> http://support.microsoft.com/default.aspx?scid=kb;en-us;834489 >> >> Note especially that this stupid regression can only be disable by editing the >> registry. >> >> Yet another reason to run Mozilla/Opera/etc... > > >------------------------------------------------------------- >This message is sent to you because you are subscribed to > the mailing list . >To unsubscribe, E-mail to: >To switch to the DIGEST mode, E-mail to >Web Archive of this list is at: http://webdna.smithmicro.com/ ------------------------------------------------------------- This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to Web Archive of this list is at: http://webdna.smithmicro.com/ "Dan Strong"

DOWNLOAD WEBDNA NOW!

Top Articles:

Talk List

The WebDNA community talk-list is the best place to get some help: several hundred extremely proficient programmers with an excellent knowledge of WebDNA and an excellent spirit will deliver all the tips and tricks you can imagine...

Related Readings:

[WebDNA] macOS 10.13.3 and WebDNA Mac Server 8.5.1 - hick-up (2019) [WebDNA] Need to convert unix date? (2009) WebCat b15 Mac plug-in (1997) Attn: Bug in GeneralStore example b15 (1997) WebCat/CyberStudio Compatibility (1998) Ongoing group search problems ... (1997) Stumpted Again (1997) Is this possible, WebCat2.0 and checkboxes (1997) WebCat2 - Getting to the browser's username/password data (1997) Pull Down Menu for Catagories (2000) FYI: virus alert (1996) Thanks and Big News!!! (1997) What am I missing (1997) Grep Question - SOLVED (2003) [WebDNA] Successful, working WebDNA7/CentOS install? (2013) Nav. 4 probs with cart (1997) Passing form variables to new window created by JavaScript (2001) cart info (1998) WebCat B13 Mac CGI -- Frames question (1997) Erotic Sites (1997)