http authentication on IE6

tampriscilla

Microsoft has recently annonce no longer support the following url syntax

http(s)://username: password@www.example.com

on IE6 or after you install the MS04-004 Cumulative Security Update for Internet Explorer (832894)

I'm not stuck on my program, which use session to hold the username and password.

is there any other way that I can use to enter a protected website, without prompts users for a user name and a password???

I know you can add a " registry keys " to your PC which can solve that problem. But what I'm doing is a online shop, so I can't ask my client to do that on their machine. I want a solution which I can do on my programming.

Thanks in advance!!

BoBo

TheDefender

Cookies...
When the user enters the site, they check the "Remember Me" checkbox, at which point in time, you store their username and encrypted password in a cooke. The next time they visit, you check for that cookie, and if it exists, you use the info stored in that cookie to let them right in without loggin in. It's how most sites do it (including the forums here).

I would never ever consider passing a username and or password through a URL like that anyhow. I am amazed Microsoft took this long to disable that "feature".

tampriscilla

I found that I can use the cgi program to post the username and password use the following syntax:

"http://www.abc.com/stats.cgi?user=username&pass=password"

But I know nothing about cgi.
Does anyone know how to write the .cgi script???

Thx a lot!!!

TheDefender

2 things...

1) This is a PHP forum, so you may not find the desired help for a cgi script here...

AND (This one is a big one)

2) You should exhaust all other methods of doing this WITHOUT passing the username and password through the URL. It wouldn't take a rogue user very long to be able to infiltrate your data, and compromise all of your user accounts and passwords. The security risks are a nightmare.

tampriscilla

well... the reason why I still want to include the username and password in the url address is I have a folder which contains many pictures in it. The folder is protected!!

How can I display the picture without prompt user for password???