|
|
Posted by thetechturf.com on 01/25/07 14:47
I already have a protected directory, and this will be just like
entering it in the pop-up box.
On Jan 25, 9:19 am, Jerry Stuckle <jstuck...@attglobal.net> wrote:
> thetechturf.com wrote:
> > Ok, here's the deal. I need a script written that will:
>
> > Use a regular HTML page and form (I plan to have this in a small box on
> > all my HTML pages) to submit the information:
> > Username and Password
> > It will then check the username against like a csv table (or a txt
> > file, or MySQL) and see where the destination is.
> > Last of all it would go to the following url:
> >http://username:password@destination
>
> > So if we have John Doe visit my site he types in:
> > Username: johndoe
> > Password: secret
> > It then checks the table and sees that the user johndoe has a
> > destination of "thetechturf.com/members/shg38
> > Last of all it sends him to the page:
> > http://johndoe:sec...@thetechturf.com/members/sgh38Very insecure! It not only sends the userid/password in plain text, it
> can leave it in the navigation bar for others to read (depending on the
> browser).
>
> Additionally, if you're sending them to another site, the
> userid:password combination may not work - it only works when you're
> using webserver authentication, and not always then.
>
> And if it is another page on your site you're sending them to, there are
> better ways to do it (i.e. session variables).
>
> --
> ==================
> Remove the "x" from my email address
> Jerry Stuckle
> JDS Computer Training Corp.
> jstuck...@attglobal.net
> ==================
Navigation:
[Reply to this message]
|