[revServer]http authentication -
matthias_livecode_150811 at m-r-d.de
Mon Aug 29 19:12:54 EDT 2011
thanks. I am aware of that. The data is not top secret, but should not be free available for everyone. We use other authentication methods for more critical data.
Am 30.08.2011 um 00:49 schrieb Bob Sneidar:
> Not sure, but as you must know, cleartext passwords are easily sniffable. As long as the web site is not serving up private or critical information, I suppose there's no harm, but if it is, then you should consider using https and having a form that gets the credentials.
> On Aug 29, 2011, at 3:40 PM, Matthias Rebbe wrote:
>> is revServer able to read/get the username of an http authentication, if username and password are included in the url.
>> for example
>> http://JohnDoe:email@example.com is the url the customer uses to connect to the server. Is it possible for revServer to get the username JohnDoe?
>> Or are username and password removed by apache completely before passing the url to revServer?
>> use-livecode mailing list
>> use-livecode at lists.runrev.com
>> Please visit this url to subscribe, unsubscribe and manage your subscription preferences:
> use-livecode mailing list
> use-livecode at lists.runrev.com
> Please visit this url to subscribe, unsubscribe and manage your subscription preferences:
More information about the Use-livecode