RE: [WhatsUp Forum] IE security change affects WU web interface??

[Steve Warnock]

Title: Message

Microsoft has posted some workarounds.  (http://support.microsoft.com/?kbid=834489)   Workarounds for application and Web site developers URLs that are opened by objects that call WinInet or Urlmon functions For objects that use an HTTP or an HTTPS URL that includes user information when they call a WinInet or Urlmon function such as InternetOpenURL, rewrite the object to use one of the following methods to send user information to the Web site:            Use the InternetSetOption function and include the following option flags:                INTERNET_OPTION_USERNAME                INTERNET_OPTION_PASSWORD For additional information about how to use the InternetSetOption function, visit the following Microsoft Web site: http://msdn.microsoft.com/library/en-us/wininet/wininet/internetsetoption.asp            Use the IAuthenticate Interface. For additional information about how to use the IAuthenticate Interface, visit the following Microsoft Web site: http://msdn.microsoft.com/workshop/networking/moniker/reference/ifaces/iauthenticate/iauthenticate.asp URLs that are opened by a script that uses credentials for state management If you include HTTP or HTTPS URLs that contain user information in your scripting code, to manage state information, change your scripting code to use cookies instead of user information. For additional information about how to use cookies to manage state information, visit the following Internet Engineering Task Force (IETF) Web site: http://www.ietf.org/rfc/rfc2965.txt To see an example of how to use Visual Basic to read and write HTTP cookies in an ASP.NET Web program, visit the following Microsoft Web site: http://msdn.microsoft.com/library/en-us/dv_vstechart/html/vbtchaspnetcookies101.asp How to disable the new behavior or use it in other programs After you install the 832894 security update, you can set registry values to use this new behavior in other programs that host the Web browser control or to disable this new behavior for Windows Explorer and Internet Explorer. How programs that host the Web browser control can use this new default behavior to handle user information in HTTP or HTTPS URLs By default, this new default behavior for handling user information in HTTP or HTTPS URLs applies only to Windows Explorer and Internet Explorer. To use this new behavior in other programs that host the Web browser control, create a DWORD value named SampleApp.exe, where SampleApp.exe is the name of the executable file that runs the program. Set the DWORD value's value data to 1 in one of the following registry keys: For all users of the program: HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE For the current user only: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE How to disable the new default behavior for handling user information in HTTP or HTTPS URLs To disable the new default behavior in Windows Explorer and Internet Explorer, create iexplore.exe and explorer.exe DWORD values in one of the following registry keys and set their value data to 0: For all users: HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE For the current user only: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE       Thanks, Steve Warnock Advanced Computer Connections 419-668-4080 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of [EMAIL PROTECTED] Sent: Thursday, February 05, 2004 8:15 AM To: [EMAIL PROTECTED] Subject: RE: [WhatsUp Forum] IE security change affects WU web interface??   Hello All   Has anyone been able to come up with an alternate means for passing userid and password?   Alonzo Seaborne Senior Network Services & Operations Engineer BMW Group Data Center Americas [EMAIL PROTECTED] (864) 989-5713 Work (864) 801-5713 Fax From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Bond, Duncan Sent: Thursday, February 05, 2004 7:39 AM To: '[EMAIL PROTECTED]' Subject: RE: [WhatsUp Forum] IE security change affects WU web interface??   If you are embedding the userid:password@ sequence, that did break with the security update. We had to remove the authentication (to a guest account) to get it back in business. -----Original Message----- From: Paul Jasa [mailto:[EMAIL PROTECTED] Sent: Thursday, February 05, 2004 12:06 AM To: [EMAIL PROTECTED] Subject: [WhatsUp Forum] IE security change affects WU web interface?? Hi, folks!  Recently, making changes over the web interface started to fail right after I click the Submit button.  Even when I backspace, and try again, it continues to fail over and over.   The web server returns a "Page cannot be found" general error.   Making changes over the web interface used to work just fine.    Reading through some security news lately, it occurred to me that Microsoft changed Internet Explorer so as not to allow it to send sensitive information via the URL, something which has upset a lot of people and broke a lot of things.   Was wondering whether this rash new change in IE is affecting HTTP connections to WhatsUp, in particular as it relates to making changes to the Settings of an object on the web interface.   Thanks in advance if anyone has any info on this.   Paul ====================================== Paul Jasa Network Engineer ======================================   The information contained in this e-mail and any attached documents may be privileged, confidential and protected from disclosure. If you are not the intended recipient you may not read, copy, distribute or use this information. If you have received this communication in error, please notify the sender immediately by replying to this message and then delete it from your system.