On Tue, 17 Oct 2000, John Saylor wrote:
> From: "Ian Frawley" <[EMAIL PROTECTED]>
> > Is it not just possible through a perl module as I am not very clued
> > up on digital certificates.
> Well, you have to have some credentials- and if it's not a cookie [bad
> idea anyway], and if it's not a use
At 06:58 PM 10/17/00 +0100, [EMAIL PROTECTED] wrote:
>
>AuthCookie won't help you here, it still sends a cookie back to the client.
>Whatever you do, you will need to modify the response to the client to
contain > a session id somewhere where you can get it back.
>
> From what you've said, you wi
[EMAIL PROTECTED]
Copy to
Bcc
Fax to
Subject Re: Remembering Authentication
The problem for me with cookies is the fact that we are going to be serving WAP
phones that don't like cookies for obvious reason
Why not just write the app to use session and store to the db. It is not
hard to do. Auth to db/ldap cook up a digest with $$, username, and
remote_ip. Store all userinfo in Storable object in the db/ldap.
GET http://some.where.net/?sessionID=
POST >
No worrying about browser type, client
t: Tuesday, October 17, 2000 10:05
AM
Subject: Re: Remembering
Authentication
Ian, Using cookies is
just one way of overcoming the stateless nature of
http. The other ways that I know of are to
modify the url in some way or to put a
hidden field in a form.
TED] Time 19:20
Copy to (bcc: Simon Wilcox/BASE/WilliamsLea)
Bcc Simon Wilcox/BASE/WilliamsLea
Fax to
Subject Remembering Authentication
On Tue, 17 Oct 2000, Rodney Broom wrote:
|From: "Nicolas MONNET" <[EMAIL PROTECTED]>
|
|> print $q->redirect("http://$l:$p\@$ENV{HTTP_HOST}/path");
Like what?
From: "Nicolas MONNET" <[EMAIL PROTECTED]>
> print $q->redirect("http://$l:$p\@$ENV{HTTP_HOST}/path");
Ack! Can anybody find a bigger security hole than this?
Rodney Broom
ry clued up on
>digital certificates.
>
>Thanks
>
>Ian
>- Original Message -
>From: "John Saylor" <[EMAIL PROTECTED]>
>To: "Ian Frawley" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
>Sent: Tuesday, October 17, 2000 8:24 AM
>Subje
On Tue, 17 Oct 2000, Nicolas MONNET wrote:
|On Tue, 17 Oct 2000, Shimon Rura wrote:
|
||There's no way to use basic authentication (the stuff inside HTTP) from web
||pages... you can't tell a browser "use this form to ask your user for
||passwords".
|
|#untested code
|use URI::Escape;
|use CGI;
On Tue, 17 Oct 2000, Shimon Rura wrote:
|There's no way to use basic authentication (the stuff inside HTTP) from web
|pages... you can't tell a browser "use this form to ask your user for
|passwords".
#untested code
use URI::Escape;
use CGI;
$q=new CGI;
$l=uri_escape($q->param('login'),'^A-Za-z
What if the user added his username and password to the URL? If they are
valid the application could add those parameters to all links/form
actions, but the plaintext password would be replaced with some parameter
that would be good for the next access and expire after a specified period
of time.
, October 17, 2000 8:48 AM
Subject: Re: Remembering Authentication
> Hi
>
> - Original Message -
> From: "Ian Frawley" <[EMAIL PROTECTED]>
>
>
> > Is it not just possible through a perl module as I am not very clued
> up on
> > digital certific
There's no way to use basic authentication (the stuff inside HTTP) from web
pages... you can't tell a browser "use this form to ask your user for
passwords". If you want to manage authentication in web pages, you have to
build the whole authentication/session management system yourself. Since
yo
Hi
- Original Message -
From: "Ian Frawley" <[EMAIL PROTECTED]>
> Is it not just possible through a perl module as I am not very clued
up on
> digital certificates.
Well, you have to have some credentials- and if it's not a cookie [bad
idea anyway], and if it's not a username/password-
, October 17, 2000 8:24 AM
Subject: Re: Remembering Authentication
> Hi
>
> - Original Message -
> From: "Ian Frawley" <[EMAIL PROTECTED]>
>
> > Is it possible to authenticate a user without having to use the
> > unfriendly login box provided by browsers,
Hi
- Original Message -
From: "Ian Frawley" <[EMAIL PROTECTED]>
> Is it possible to authenticate a user without having to use the
> unfriendly login box provided by browsers, without using cookies?
2 words: digital certificates
This probably means a lot of infrastructure [LDAP, CA, sma
Hi all
Is it possible to authenticate a user without
having to use the unfriendly login box provided by browsers, without using
cookies?
I have managed to authenticate a user once through
some text fields on a HTML page but unfortunately this does not make the browser
remember the user's
18 matches
Mail list logo
