[Melbourne-pm] Perl web application framework recommendations

[Scott Penrose]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


On 18/08/2004, at 2:50 PM, Brad Bowman wrote:
> I guess I should clarify where I'm coming from here.
>
> I looked into using the basic credentials as a ticket for
> authentication since it can be set in the url
> http://user:pass@blah/ cross-site and works w/o cookies.
>
> The snag was that mozilla ignored the url credentials when
> it had already used other credentials successfully and
> instead of trying the url ones as a fallback it poped up
> the box.  It also ignored the auth domain in this scenario.

Got you now :-) Yes that is correct and it sucks.

Safari, IE and Konqueror all support user@ type URL, which is great 
when you just want to change your user, you just add user@ in front of 
your URL.

Unfortunately it appears that the Mozilla team have seen this to be 
compromise of security (not sure why). Maybe it is a Mozilla bug.

Scooter

> This was the specific problem I was getting at.
> I only noticed it when trying out a cross-site auth idea.
>
>
- -- 
* - *  http://www.osdc.com.au - Open Source Developers Conference * - *
Scott Penrose
VP in charge of Pancakes
http://linux.dd.com.au/
scottp at dd.com.au

Dismaimer: If you receive this email in error - please eat it 
immediately to prevent it from falling into the wrong hands.

Please do not send me Word or PowerPoint attachments.
See http://www.fsf.org/philosophy/no-word-attachments.html

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (Darwin)

iD8DBQFBIuNoDCFCcmAm26YRAry1AJsFTHafGs/xY4+zC46Snf45tnx7dACeMllk
PWihhHEk2KIwXux1AVuVnc4=
=lZ/w
-----END PGP SIGNATURE-----