Re: How to access user:password in servlet

Mon, 23 Nov 2009 07:55:19 -0800 

Hi,

thanks for taking care.

As

xMLHttpRequest.open("GET", link, async, loginName, password);

explicitely supports it, I had assumed it is the standard Ajax way to 
transfer the credentials.

But as it is send in clear text in the URL (and deprecated according to 
you links)
I now prefer to send it inside a <form> as a hidden field and like
this it is properly protected when send as https.

regards
Marcel


Thierry Boileau schrieb:
> Hello Macel,
>
> from what I see in the code, these data are not taken into account by 
> HTTP. After having a look at the HTTP and URI specifications, it appears 
> that HTTP relies on the definition of the "host" term ([1] and [2]) as 
> specified in the URI spec ([3]) which does not take into account the 
> userinfo part (4)... That can look quite odd.
> Anyway, passing user name and password in the "userinfo" subcomponent is 
> clearly not recommended in the URI spec. Could you tell us more about 
> your needs?
>
>
> best regards,
> Thierry Boileau
>
> [1] http://www.w3.org/Protocols/rfc2616/rfc2616-sec3.html#sec3.2.1
> [2] http://www.w3.org/Protocols/rfc2616/rfc2616-sec3.html#sec3.2.2
> [3] http://tools.ietf.org/html/rfc3986#section-3.2.2
> [4] http://tools.ietf.org/html/rfc3986#section-3.2.1
>   
>> Hi,
>>
>> I want to transfer user and password credentials:
>>
>> var loginName = "jack";
>> var password = "1122";
>> var xhr = new XMLHttpRequest();
>> xhr.open("GET", link, async, loginName, password);
>>
>> In firebug I can see the URL send:
>>
>> "jack:1...@localhost"
>>
>> but I have found no way to access it in my restlet servlet (I have tried 
>> POST and GET).
>>
>> How does this work?
>>
>> Thanks
>> Marcel
>>
>> ------------------------------------------------------
>> http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447&dsMessageId=2423045
>>
>>
>>     
>
> ------------------------------------------------------
> http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447&dsMessageId=2423245
>
>

------------------------------------------------------
http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447&dsMessageId=2423406

Reply via email to