tags:

views:

22

answers:

1
Q: 

Basic authentication in IE

A URL such as http://username:[email protected]/ does not work in Internet Explorer, as explained at http://support.microsoft.com/kb/834489. I can't find a proper workaround for this. I want just a simple link in a HTML document which works.

Edit to add the purpose of the exercise:

We have a website, with fairly secure cookie-based login. We have standard stats packages (Webalizer and AWStats) which use HTTP authentication. I want to give the administrator of the site a quick link to the stats. The link, which includes the password, will be available only to a logged in administrator. It's no great security risk.

A: 

The username:[email protected] construct was removed as a security feature. Storing passwords in plain text is a bad idea to start with, and this form of the url was a frequently used attack vector for phishing attacks. The article you link to lists some work-arounds... can you not just prompt the user to enter a password?

If you give a little more details about what you're doing, it's possible a better solution may be found.

jeffamaphone  2010-09-01 18:31:49
We have a website, with fairly secure cookie-based login. We have standard stats packages (Webalizer and AWStats) which use HTTP authentication. I want to give the administrator of the site a quick link to the stats. The link, which includes the password, will be available only to a logged in administrator. It's no great security risk.
TRiG  2010-09-02 11:07:12
Question edited to add above comment.
TRiG  2010-09-02 11:08:36

related questions

Retrieving HTTP status code from loaded iframe with Javascript
How to specify an authenticated proxy for a python http connection?
Why does HttpCacheability.Private suppress ETags?
How to respond to an alternate URI in a RESTful web service
Is there a reason to use BufferedReader over InputStreamReader when reading all characters?
What would be a good, windows and iis (http) based distributed version control system
Database query representation impersonating file on Windows share?
How do I use NTLM authentication with Active Directory
Process raw HTTP request content
How would you implement FORM based authentication without a backing database?
Reading "chunked" response with HttpWebResponse
Best way to let users download a file from my website: http or ftp
How do I convert a date to a HTTP-formatted date in .Net / C#
What is the best way to upload a file via an HTTP POST with a web form?
How do I stop IIS7 dropping my cookies?
Checking FTP status codes with a PHP script.
HTTP Libraries for Emacs
Accessing post variables using Java Servlets
HTTP: Generating ETag Header
HTTP: How to know when to send a 304 Not Modified response
How do I best detect an ASP.NET expired session?
How can I make the browser see CSS and Javascript changes?
How to curl or wget a web page?
The Definitive Guide To Website Authentication
Implementation of "Remember me" in a Rails application.