[revServer]http authentication -
Matthias Rebbe
matthias_livecode_150811 at m-r-d.de
Mon Aug 29 19:12:54 EDT 2011
Bob,
thanks. I am aware of that. The data is not top secret, but should not be free available for everyone. We use other authentication methods for more critical data.
Regards,
Matthias
Am 30.08.2011 um 00:49 schrieb Bob Sneidar:
> Not sure, but as you must know, cleartext passwords are easily sniffable. As long as the web site is not serving up private or critical information, I suppose there's no harm, but if it is, then you should consider using https and having a form that gets the credentials.
>
> Bob
>
>
> On Aug 29, 2011, at 3:40 PM, Matthias Rebbe wrote:
>
>> Hi,
>>
>> is revServer able to read/get the username of an http authentication, if username and password are included in the url.
>>
>> for example
>>
>> http://JohnDoe:abcdefg@web.com is the url the customer uses to connect to the server. Is it possible for revServer to get the username JohnDoe?
>>
>> Or are username and password removed by apache completely before passing the url to revServer?
>>
>> Regards,
>>
>> Matthias
>> _______________________________________________
>> use-livecode mailing list
>> use-livecode at lists.runrev.com
>> Please visit this url to subscribe, unsubscribe and manage your subscription preferences:
>> http://lists.runrev.com/mailman/listinfo/use-livecode
>
>
> _______________________________________________
> use-livecode mailing list
> use-livecode at lists.runrev.com
> Please visit this url to subscribe, unsubscribe and manage your subscription preferences:
> http://lists.runrev.com/mailman/listinfo/use-livecode
More information about the use-livecode
mailing list