[revServer]http authentication -

Bob Sneidar bobs at twft.com
Mon Aug 29 17:49:38 CDT 2011


Not sure, but as you must know, cleartext passwords are easily sniffable. As long as the web site is not serving up private or critical information, I suppose there's no harm, but if it is, then you should consider using https and having a form that gets the credentials. 

Bob


On Aug 29, 2011, at 3:40 PM, Matthias Rebbe wrote:

> Hi,
> 
> is revServer  able to read/get the username of an http authentication, if username and password are included in the url.
> 
> for example
> 
> http://JohnDoe:abcdefg@web.com  is the url the customer uses to connect to the server. Is it possible for revServer to get the username JohnDoe?
> 
> Or are username and password  removed by apache completely before passing the url to revServer?
> 
> Regards,
> 
> Matthias
> _______________________________________________
> use-livecode mailing list
> use-livecode at lists.runrev.com
> Please visit this url to subscribe, unsubscribe and manage your subscription preferences:
> http://lists.runrev.com/mailman/listinfo/use-livecode




More information about the use-livecode mailing list