[Melbourne-pm] Perl web application framework recommendations

Scott Penrose scottp at dd.com.au
Wed Aug 18 00:04:40 CDT 2004

Hash: SHA1

On 18/08/2004, at 2:50 PM, Brad Bowman wrote:
> I guess I should clarify where I'm coming from here.
> I looked into using the basic credentials as a ticket for
> authentication since it can be set in the url
> http://user:pass@blah/ cross-site and works w/o cookies.
> The snag was that mozilla ignored the url credentials when
> it had already used other credentials successfully and
> instead of trying the url ones as a fallback it poped up
> the box.  It also ignored the auth domain in this scenario.

Got you now :-) Yes that is correct and it sucks.

Safari, IE and Konqueror all support user@ type URL, which is great 
when you just want to change your user, you just add user@ in front of 
your URL.

Unfortunately it appears that the Mozilla team have seen this to be 
compromise of security (not sure why). Maybe it is a Mozilla bug.


> This was the specific problem I was getting at.
> I only noticed it when trying out a cross-site auth idea.
- -- 
* - *  http://www.osdc.com.au - Open Source Developers Conference * - *
Scott Penrose
VP in charge of Pancakes
scottp at dd.com.au

Dismaimer: If you receive this email in error - please eat it 
immediately to prevent it from falling into the wrong hands.

Please do not send me Word or PowerPoint attachments.
See http://www.fsf.org/philosophy/no-word-attachments.html

Version: GnuPG v1.2.4 (Darwin)


More information about the Melbourne-pm mailing list