[revServer]http authentication -

Pierre Sahores sc at sahores-conseil.com
Tue Aug 30 02:52:39 EDT 2011 

A good way to go is there to prefer to send the credentials in HTTP POST as encrypted datas.

Le 30 août 2011 à 01:12, Matthias Rebbe a écrit :

> Bob,
> 
> thanks. I am aware of that. The data is not top secret, but should not be free available for everyone. We use other authentication methods for more critical data.
> 
> Regards,
> 
> Matthias
> 
> Am 30.08.2011 um 00:49 schrieb Bob Sneidar:
> 
>> Not sure, but as you must know, cleartext passwords are easily sniffable. As long as the web site is not serving up private or critical information, I suppose there's no harm, but if it is, then you should consider using https and having a form that gets the credentials. 
>> 
>> Bob
>> 
>> 
>> On Aug 29, 2011, at 3:40 PM, Matthias Rebbe wrote:
>> 
>>> Hi,
>>> 
>>> is revServer  able to read/get the username of an http authentication, if username and password are included in the url.
>>> 
>>> for example
>>> 
>>> http://JohnDoe:abcdefg@web.com  is the url the customer uses to connect to the server. Is it possible for revServer to get the username JohnDoe?
>>> 
>>> Or are username and password  removed by apache completely before passing the url to revServer?
>>> 
>>> Regards,
>>> 
>>> Matthias
>>> _______________________________________________
>>> use-livecode mailing list
>>> use-livecode at lists.runrev.com
>>> Please visit this url to subscribe, unsubscribe and manage your subscription preferences:
>>> http://lists.runrev.com/mailman/listinfo/use-livecode
>> 
>> 
>> _______________________________________________
>> use-livecode mailing list
>> use-livecode at lists.runrev.com
>> Please visit this url to subscribe, unsubscribe and manage your subscription preferences:
>> http://lists.runrev.com/mailman/listinfo/use-livecode
> 
> 
> _______________________________________________
> use-livecode mailing list
> use-livecode at lists.runrev.com
> Please visit this url to subscribe, unsubscribe and manage your subscription preferences:
> http://lists.runrev.com/mailman/listinfo/use-livecode

--
Pierre Sahores
mobile : 06 03 95 77 70
www.sahores-conseil.com

More information about the use-livecode mailing list