[revServer]http authentication -

Matthias Rebbe matthias_livecode_150811 at m-r-d.de
Mon Aug 29 19:12:54 EDT 2011


Bob,

thanks. I am aware of that. The data is not top secret, but should not be free available for everyone. We use other authentication methods for more critical data.

Regards,

Matthias

Am 30.08.2011 um 00:49 schrieb Bob Sneidar:

> Not sure, but as you must know, cleartext passwords are easily sniffable. As long as the web site is not serving up private or critical information, I suppose there's no harm, but if it is, then you should consider using https and having a form that gets the credentials. 
> 
> Bob
> 
> 
> On Aug 29, 2011, at 3:40 PM, Matthias Rebbe wrote:
> 
>> Hi,
>> 
>> is revServer  able to read/get the username of an http authentication, if username and password are included in the url.
>> 
>> for example
>> 
>> http://JohnDoe:abcdefg@web.com  is the url the customer uses to connect to the server. Is it possible for revServer to get the username JohnDoe?
>> 
>> Or are username and password  removed by apache completely before passing the url to revServer?
>> 
>> Regards,
>> 
>> Matthias
>> _______________________________________________
>> use-livecode mailing list
>> use-livecode at lists.runrev.com
>> Please visit this url to subscribe, unsubscribe and manage your subscription preferences:
>> http://lists.runrev.com/mailman/listinfo/use-livecode
> 
> 
> _______________________________________________
> use-livecode mailing list
> use-livecode at lists.runrev.com
> Please visit this url to subscribe, unsubscribe and manage your subscription preferences:
> http://lists.runrev.com/mailman/listinfo/use-livecode





More information about the Use-livecode mailing list