Just never do it period...that is the best habit to have... That is poor coding on the programmers part...
On Fri, 2002-11-15 at 00:59, Maxim Maletsky wrote: > using this method for a production environment is incredibly vulnerable. > Just think of having a link on that page to some other site (or even having > a third-party banner displayed) on which there is a hit counter (and on > 90% there are) those can simply read the link in their logs. > > Never ever use it if security is of a minimum importance or you're > completely sure you know what you do. > > -- > Maxim Maletsky > [EMAIL PROTECTED] > > > On Tue, 5 Nov 2002 02:04:52 +0100 "silver" <[EMAIL PROTECTED]> wrote: > > > hi - I'm not quite sure if this will help you, but lets give it a try: > > > > you could use this URL syntax: > > http://user:password@;www.site.com to automatically log your user in to the > > htaccess protected area. the bad thing about it is that user / password show > > up in the URL, but you could hide this information with using frames... > > are PHP/MySQL usernames + passwords the same like in Apache/HTTP? > > > > greets, > > _andi > > > > > > > > > > > > > > "Phillip Erskine" <[EMAIL PROTECTED]> schrieb im Newsbeitrag > > news:F13i7M4BAyxJMXehYSo00004e46@;hotmail.com... > > > > > > I have a site that uses PHP/MySQL authentication for one section and > > > Apache/HTTP authentication for another. Eventually I would like to use > > only > > > PHP and MySQL for authenticating users, but in the meantime, I have to use > > > both. > > > > > > First, users will log in to the main section of the site and I will use > > PHP > > > session variables to maintain state for that section. What I would like > > to > > > be able to do is allow users to click a link that would redirect them to > > the > > > other section of the site and automatically log them in. > > > > > > The section of the site that users will be redirected to uses .htaccess > > and > > > .htpassword files to enforce HTTP authentication. > > > > > > Is this possible? If so, how? > > > > > > > > > ========================= > > > http://www.pverskine.com/ > > > > > > > > > > > > > > > _________________________________________________________________ > > > Protect your PC - get McAfee.com VirusScan Online > > > http://clinic.mcafee.com/clinic/ibuy/campaign.asp?cid=3963 > > > > > > > > > > > -- > > PHP General Mailing List (http://www.php.net/) > > To unsubscribe, visit: http://www.php.net/unsub.php > > -- .: B i g D o g :. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
