Web Hosting Forum | Lunarpages

Author Topic: .htaccess login embedded in page. Is this script secure?  (Read 4444 times)

Offline jhon

  • Intergalactic Cowboy
  • *****
  • Posts: 57
.htaccess login embedded in page. Is this script secure?
« on: October 15, 2004, 07:09:12 PM »
Hi,

Any answers and help would be appreciated...

Rather that the login popup the comes when using .htaccess I would like to make a login page.  Having no clues myself, I was hoping that some of you could comment as to whether this
 
http://javascript.internet.com/navigation/htaccess-login.html

script is considered safe to use.

My .htaccess is up and running but I feel that a login page with explanations and some info would be better in terms of usability.

Thanks in advance for any help that you can provide.

Cheers,

Jhon

Offline Ed

  • Berserker Poster
  • *****
  • Posts: 5177
    • Joke A Whenever
.htaccess login embedded in page. Is this script secure?
« Reply #1 on: October 15, 2004, 08:22:53 PM »
Not secure - but its not bypassable like a normal Java auth script.

var htsite = "http://" + username + ":" + password + "@" + server;
window.location = htsite;

All it does is send a plain text url with your username and password. Some IE version will not support this.

Question is wether you want your history, server logs, and local network traffic containing the following string:

http://yourusername:password@domain.com/

Thats my 2 cents :)

Offline jhon

  • Intergalactic Cowboy
  • *****
  • Posts: 57
.htaccess login embedded in page. Is this script secure?
« Reply #2 on: October 16, 2004, 12:08:43 AM »
Thanks a lot Ed,

I have no clues about this.  I don't want my usernames & passwords flying around.

Any suggestions on how to securely embed the .htaccess login into a page?

Any help appreciated.

Cheers,

Jhon


Offline jhon

  • Intergalactic Cowboy
  • *****
  • Posts: 57
.htaccess login embedded in page. Is this script secure?
« Reply #4 on: October 16, 2004, 05:12:33 AM »
Hi Ed,

Thanks again for your response.

I allready have the .htaccess working, thanks to help from the forums.  What I would like to do is get rid of the popup login and use the .htaccess login through a page instead.  I have been searching for a way to do this, but haven't found anything that was considered secure.

Cheers,

Jhon

Offline Ed

  • Berserker Poster
  • *****
  • Posts: 5177
    • Joke A Whenever
.htaccess login embedded in page. Is this script secure?
« Reply #5 on: October 16, 2004, 05:44:51 AM »
I don't have time to explain it now but there is a way to use PHP to send the correct headers to process it I beleive.

Google :)

Any one else have a good answer ?

Offline TranzNDance

  • Princess of Naboo
  • Berserker Poster
  • *****
  • Posts: 11607
    • Thu Tu's Blog
.htaccess login embedded in page. Is this script secure?
« Reply #6 on: October 16, 2004, 06:03:32 AM »
I don't think you can use .htaccess protection and have the login on a page. You would need to use a scripting language like PHP to process the login.
:whip: :love: :whip: :love: :whip: :love:

Lupine1647

  • Guest
.htaccess login embedded in page. Is this script secure?
« Reply #7 on: October 16, 2004, 07:35:27 AM »
yea, PHP Login, they got a tutorial at www.phpfreaks.com

Offline jhon

  • Intergalactic Cowboy
  • *****
  • Posts: 57
.htaccess login embedded in page. Is this script secure?
« Reply #8 on: October 17, 2004, 04:43:15 PM »
Hello everyone,

Thanks a lot for your help.  I've been trying to find something on Google for a while now but rather unsuccessfully.

A few places hinted that a .htaccess login page was possible and quite secure but gave no details on how to do this.

I'll check out phpfreaks and hopefully that will sort out these troubles.

Thanks again,

Jhon

 

Share |