[Melbourne-pm] Perl web application framework recommendations
Scott Penrose
scottp at dd.com.au
Wed Aug 18 00:04:40 CDT 2004
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 18/08/2004, at 2:50 PM, Brad Bowman wrote:
> I guess I should clarify where I'm coming from here.
>
> I looked into using the basic credentials as a ticket for
> authentication since it can be set in the url
> http://user:pass@blah/ cross-site and works w/o cookies.
>
> The snag was that mozilla ignored the url credentials when
> it had already used other credentials successfully and
> instead of trying the url ones as a fallback it poped up
> the box. It also ignored the auth domain in this scenario.
Got you now :-) Yes that is correct and it sucks.
Safari, IE and Konqueror all support user@ type URL, which is great
when you just want to change your user, you just add user@ in front of
your URL.
Unfortunately it appears that the Mozilla team have seen this to be
compromise of security (not sure why). Maybe it is a Mozilla bug.
Scooter
> This was the specific problem I was getting at.
> I only noticed it when trying out a cross-site auth idea.
>
>
- --
* - * http://www.osdc.com.au - Open Source Developers Conference * - *
Scott Penrose
VP in charge of Pancakes
http://linux.dd.com.au/
scottp at dd.com.au
Dismaimer: If you receive this email in error - please eat it
immediately to prevent it from falling into the wrong hands.
Please do not send me Word or PowerPoint attachments.
See http://www.fsf.org/philosophy/no-word-attachments.html
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (Darwin)
iD8DBQFBIuNoDCFCcmAm26YRAry1AJsFTHafGs/xY4+zC46Snf45tnx7dACeMllk
PWihhHEk2KIwXux1AVuVnc4=
=lZ/w
-----END PGP SIGNATURE-----
More information about the Melbourne-pm
mailing list