Re: [PHP] Thank you, Microsoft! Now I need an alternate loginmethod
Chris de Vidal wrote: I searched this group and someone suggested disabling Apache's keepalives but I don't have root on this box so that option is out. Try to send Connection: close header, then the connection will be terminated by the client. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Thank you, Microsoft! Now I need an alternate loginmethod
Well, there is a MD5 javascript app, if you put a onclick method on your submit button, to call the javascript, and md5 the password, you could use a GET request to pass the username and md5'd password into your login script. I'm not sure if there is an equivalent SHA javascript, but if there is, I would use that instead. On Thu, 2004-03-18 at 14:38, Chris de Vidal wrote: Adam Voigt said: If I ran XP I might be able to do that. From reading the security release my MS, it sounds like some times the POST request gets b0rked, Yep. if this is the case, I'm not sure there's much that can be done about it. ...except find an alternate login method, which is my question. I know this isn't a problem on every site else there'd be far more uproar against Microsoft for not pushing it out. Surely there must be another method other than the code I showed this mailing list. I searched this group and someone suggested disabling Apache's keepalives but I don't have root on this box so that option is out. At this point it's either disable passwords or find an alternate method; we're angering customers (thank you Microsoft!). /dev/idal -- Adam Voigt [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Thank you, Microsoft! Now I need an alternate loginmethod
Marek Kilimajer said: I searched this group and someone suggested disabling Apache's keepalives but I don't have root on this box so that option is out. Try to send Connection: close header, then the connection will be terminated by the client. I don't understand... would I place that code in the posted PHP page, edit_agent.php? To reiterate, no custom headers are sent with any PHP function unless there is a failure. IE bombs on a successful login (when no custom headers are sent). I'm not sure where I'd include this custom header or why. /dev/idal -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Thank you, Microsoft! Now I need an alternate loginmethod
Chris de Vidal wrote: Marek Kilimajer said: I searched this group and someone suggested disabling Apache's keepalives but I don't have root on this box so that option is out. Try to send Connection: close header, then the connection will be terminated by the client. I don't understand... would I place that code in the posted PHP page, edit_agent.php? To reiterate, no custom headers are sent with any PHP function unless there is a failure. IE bombs on a successful login (when no custom headers are sent). I'm not sure where I'd include this custom header or why. Simply execute: header('Connection: close'); after successful login and before any other output. This is just a shot in the dark, it might not help at all. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Thank you, Microsoft! Now I need an alternate loginmethod
Adam Voigt said: What exactly is breaking? If it's the header to redirect, you could just issue a meta refresh, or a javascript one. The only time redirects are sent is when there is a failure. Otherwise it's a simple post operation to a PHP file with an include. Have another look at the code. Try it on your server if you'd like. You can replicate the problem with an XP box that's recently (this month) been automatically updated. CD -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Thank you, Microsoft! Now I need an alternate loginmethod
Have another look at the code. Try it on your server if you'd like. You can replicate the problem with an XP box that's recently (this month) been automatically updated. If I ran XP I might be able to do that. From reading the security release my MS, it sounds like some times the POST request gets b0rked, if this is the case, I'm not sure there's much that can be done about it. -- Adam Voigt [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Thank you, Microsoft! Now I need an alternate loginmethod
Adam Voigt said: If I ran XP I might be able to do that. From reading the security release my MS, it sounds like some times the POST request gets b0rked, Yep. if this is the case, I'm not sure there's much that can be done about it. ...except find an alternate login method, which is my question. I know this isn't a problem on every site else there'd be far more uproar against Microsoft for not pushing it out. Surely there must be another method other than the code I showed this mailing list. I searched this group and someone suggested disabling Apache's keepalives but I don't have root on this box so that option is out. At this point it's either disable passwords or find an alternate method; we're angering customers (thank you Microsoft!). /dev/idal -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Thank you, Microsoft! Now I need an alternate loginmethod
Adam Voigt mailto:[EMAIL PROTECTED] on Thursday, March 18, 2004 11:21 AM said: If I ran XP I might be able to do that. From reading the security release my MS, it sounds like some times the POST request gets b0rked, if this is the case, I'm not sure there's much that can be done about it. maybe this is too simple an answer but how about using GET instead? chris. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Thank you, Microsoft! Now I need an alternate loginmethod
Chris W. Parker said: maybe this is too simple an answer but how about using GET instead? I'm about 90% sure that URL strings are passed in the clear to SSL servers, so this would defeat the purpose of SSL. I've found that some people have solved this problem by upgrading the server to a newer version of PHP. Again, I don't have admin access. The box is admined by a medium-sized hosting company so they might ignore my requests for them to upgrade. Are there any other ways to authorize using MySQL? /dev/idal -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Thank you, Microsoft! Now I need an alternate loginmethod
Chris de Vidal mailto:[EMAIL PROTECTED] on Thursday, March 18, 2004 12:49 PM said: I'm about 90% sure that URL strings are passed in the clear to SSL servers, so this would defeat the purpose of SSL. hmm.. good point. that never occured to me. chris. p.s. gosh my emails are taking forever to get back to me! your reply came back minutes before my post showed up. :\ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Thank you, Microsoft! Now I need an alternate loginmethod
snip I'm about 90% sure that URL strings are passed in the clear to SSL servers, so this would defeat the purpose of SSL. /snip I don't think this is true. You can see the query string in the address bar, but (with what little http knowledge I have) the http conversation is encrypted, if you sniff it, the contents will be encrypted, even the query string. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php