Claus Rasmussen wrote: > Is there a way of letting XXE authorize itself when pulling > configuration files from an HTTP server? I tried setting the environment > variable with http://username:password at server.tld/path/... but I got > prompted with a 401 error message when opening XXE.
Sorry but the answer is no. It does not work because, to my knowlegde[*], the "protocol://user:pass at server/path" notation is not supported by Java[tm] for the HTTP protocol. It does not work also because loading configuration files happens at very early stages of XXE startup. So early that XXE has not yet created its java.net.Authenticator (which could be used to remember username:password specified during previous sessions). However this notation "protocol://user:pass at server/path" works fine for FTP. Therefore if you could put your configuration files on an *FTP* server, it would work fine. --- [*] If I'm wrong and the "protocol://user:pass at server/path" notation is actually supported by Java[tm], then the problem comes from the fact that you have not properly escaped user:pass. Example: "john:@most!" should be specified as "john:%40most%21".
