|
|
Posted by Jerry Stuckle on 01/25/07 14:19
thetechturf.com wrote:
> Ok, here's the deal. I need a script written that will:
>
> Use a regular HTML page and form (I plan to have this in a small box on
> all my HTML pages) to submit the information:
> Username and Password
> It will then check the username against like a csv table (or a txt
> file, or MySQL) and see where the destination is.
> Last of all it would go to the following url:
> http://username:password@destination
>
> So if we have John Doe visit my site he types in:
> Username: johndoe
> Password: secret
> It then checks the table and sees that the user johndoe has a
> destination of "thetechturf.com/members/shg38
> Last of all it sends him to the page:
> http://johndoe:secret@thetechturf.com/members/sgh38
>
Very insecure! It not only sends the userid/password in plain text, it
can leave it in the navigation bar for others to read (depending on the
browser).
Additionally, if you're sending them to another site, the
userid:password combination may not work - it only works when you're
using webserver authentication, and not always then.
And if it is another page on your site you're sending them to, there are
better ways to do it (i.e. session variables).
--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attglobal.net
==================
Navigation:
[Reply to this message]
|