Re: [programming] members only pages

Thu, 19 Aug 1999 20:10:20 -0700 

At 21:28 19-08-99 +0700, you wrote:
>Steven Haryanto wrote:
>> 
>> >ada yang tahu gak
>> >caranya biar suatu page dalam site
>> >bisa diakses oleh member yang terdaftar doang
>> >jadi harus masukin login dan password (http auth)
>
>> paling praktis sebetulnya dengan HTTP Authentication
>> (yaitu, .htaccess + htpasswd kalo di Apache), toh
>> dengan CGI script tidak diperoleh keamanan yang
>> lebih.
>
>htpasswd
>support enkripsi gak?

wah, sebenernya saya kurang tau, tapi menurut rfc http/1.1,
mekanisme autentikasi tidak dibatasi hanya untuk basic saja.
autentikasi basic tidak diencrypt, dan terus menerus dikirim
ulang oleh client per request. ini cuplikan HTTP conversation
Apache vs Lynx dengan user='edwin' + pass='edwin' (encoding-nya
MIME/UUE? kurang ngeh...)

>>>>>
HTTP/1.1 401 Authorization Required
Date: Thu, 19 Aug 1999 06:35:33 GMT
Server: Apache/1.3.6 (Unix)  (Red Hat/Linux)
WWW-Authenticate: Basic realm="private stuff"
Connection: close
Content-Type: text/html

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<HTML><HEAD>
<TITLE>401 Authorization Required</TITLE>
</HEAD><BODY>
<H1>Authorization Required</H1>
This server could not verify that you
are authorized to access the document
requested.  Either you supplied the wrong
credentials (e.g., bad password), or your
browser doesn't understand how to supply
the credentials required.<P>
<HR>
<ADDRESS>Apache/1.3.6 Server at www.edwin.org Port 80</ADDRESS>
</BODY></HTML>
[disconnection with 127.0.0.1:1091]
[connection from 127.0.0.1:1093]
GET /~edwin/secret HTTP/1.0
Host: 127.0.0.1:9000
Accept: text/html, text/plain, application/applefile,
application/x-metamail-patch, sun-deskset-message, mail-file, default,
postscript-file, audio-file, x-sun-attachment, text/enriched, text/richtext,
application/andrew-inset, x-be2
Accept: application/postscript, message/external-body, message/partial,
application/pgp, application/pgp, video/mpeg, video/*, image/*, audio/mod,
text/sgml, */*;q=0.01
Accept-Encoding: gzip, compress
Accept-Language: en
Negotiate: trans
User-Agent: Lynx/2.8.1rel.2 libwww-FM/2.14
Authorization: Basic ZWR3aW46ZWR3aW4=
<<<<<

--
mailto:[EMAIL PROTECTED]
http://steven.haryan.to

Bandung Perl Mongers: http://bandung.pm.org


--------------------------------------------------------------------------------
Utk berhenti langganan, kirim email ke [EMAIL PROTECTED]
Informasi arsip di http://www.linux.or.id/milis.php3
Pengelola dapat dihubungi lewat [EMAIL PROTECTED]
Hosted by http://www.Indoglobal.com

Kirim email ke