Posted by Chris Hope on 01/26/07 07:41
Jerry Stuckle wrote:
> thetechturf.com wrote:
>> Ok, here's the deal. I need a script written that will:
>>
>> Use a regular HTML page and form (I plan to have this in a small box
>> on all my HTML pages) to submit the information:
>> Username and Password
>> It will then check the username against like a csv table (or a txt
>> file, or MySQL) and see where the destination is.
>> Last of all it would go to the following url:
>> http://username:password@destination
>>
>> So if we have John Doe visit my site he types in:
>> Username: johndoe
>> Password: secret
>> It then checks the table and sees that the user johndoe has a
>> destination of "thetechturf.com/members/shg38"
>> Last of all it sends him to the page:
>> http://johndoe:secret@thetechturf.com/members/sgh38
>
> Very insecure! It not only sends the userid/password in plain text,
> it can leave it in the navigation bar for others to read (depending on
> the browser).
Not only that, but I'm pretty sure it no longer works in the more recent
browser versions.
> Additionally, if you're sending them to another site, the
> userid:password combination may not work - it only works when you're
> using webserver authentication, and not always then.
>
> And if it is another page on your site you're sending them to, there
> are better ways to do it (i.e. session variables).
--
Chris Hope | www.electrictoolbox.com | www.linuxcdmall.com
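
The session-variable approach suggested in the quoted reply, as an added example that is not part of the original thread. It assumes PHP and a same-site destination; `check_login`, `require_member`, `sample_users` and the sample table are hypothetical names and constructed data.

```php
<?php
declare(strict_types=1);

// Constructed sample data standing in for the CSV/MySQL table from the question.
// Passwords are stored as password_hash() output, never as plaintext.
function sample_users(): array
{
    return [
        'johndoe' => [
            'hash'        => password_hash('secret', PASSWORD_DEFAULT),
            'destination' => '/members/sgh38/', // same-site path only
        ],
    ];
}

// Returns the user's destination path on success, null on failure.
function check_login(array $users, string $username, string $password): ?string
{
    $user = $users[$username] ?? null;
    if ($user === null || !password_verify($password, $user['hash'])) {
        return null;
    }
    return $user['destination'];
}

// Login handler: receives the POST from the login box on each page.
if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    $username = (string)($_POST['username'] ?? '');
    $dest = check_login(sample_users(), $username, (string)($_POST['password'] ?? ''));
    if ($dest === null) {
        http_response_code(401);
        exit('Login failed');
    }
    session_start();
    session_regenerate_id(true);          // fresh session ID after login
    $_SESSION['username']    = $username; // the password is never stored or forwarded
    $_SESSION['destination'] = $dest;
    header('Location: ' . $dest);         // no user:password@ in the URL
    exit;
}

// Called at the top of each member page instead of relying on user:pass@host.
function require_member(string $currentPath): void
{
    session_start();
    $allowed = $_SESSION['destination'] ?? null;
    if ($allowed === null || strpos($currentPath, $allowed) !== 0) {
        http_response_code(403);
        exit('Not authorised');
    }
}
```

The login form should post to this handler over HTTPS so the password is not sent in plain text on the way in.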