Re: Anybody used htaccess in a form?



On Sun, 31 Aug 2008 16:11:10 +0100, "dE|_"
<spambusters@xxxxxxxxxxxxxxxxxxxx> wrote in
<swyuk.56786$OR5.20207@xxxxxxxxxxxxx>:

> I had tried a very simple page encryption software that uses javascript to
> scramble up the entire page's HTML until login. This is something I can do
> entirely on my own but is obviously risky for accessibility.
>
> Htaccess is one I tried, and works with no accessibility or cross-browser
> issues, but is not pretty and the entry box does not sit in the page. That's
> where we are now. It can sit in a form, but you need a script like php to
> send the form details to the htaccess controller.
> Question answered, and you have suggested the php fetch.

If all you want to protect is a single HTTP resource then the answers
you have been given may be sufficient, but in my experience this
situation is rare.

It is much more common to want to create an authenticated session so
that the user can retrieve a number of protected HTML, CSS, image and
perhaps other resources after a single login rather than having to
repeat the login for each individual resource.

Browsers generally have a built-in way to respond to the authentication
requests defined in the HTTP protocol and will issue the necessary
headers without user intervention after the initial dialogue where the
user gives the username and password to the browser. Note here the
important point that the browser needs to be given that information if
it is to include it in the HTTP protocol exchanges for subsequent
resource retrievals. None of the suggestions for server-side processing
of form data have included any information about how the browser obtains
the user credentials. I am not aware of any way in which a server-side
mechanism can add a username and password to the set from which the
browser selects the appropriate pair when creating the 'Authorization'
header in an HTTP request.

It is these HTTP protocol authentication mechanisms that people often
inaccurately refer to as 'htaccess' (see the Apache httpd documentation
if you want an explanation of why I say 'inaccurately'.)

Note here that the choice of server-side language is irrelevant. If
anyone can say what protocol exchange between browser and server can
download credentials for basic or digest authentication from server to
browser then the server-side part can be coded in whatever language you
like.

--
Owen Rees
[one of] my preferred email address[es] and more stuff can be
found at <http://www.users.waitrose.com/~owenrees/index.html>
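
The HTTP Basic exchange discussed in the post above, as an added example that is not part of the original post: the server's 401 carries only a challenge, and the client supplies the 'Authorization' header itself on every later request. The realm, account, resource paths and function names are constructed for illustration.

```python
import base64, hmac, threading
from http.client import HTTPConnection
from http.server import BaseHTTPRequestHandler, HTTPServer

# Constructed sample data: realm, account and resources are placeholders.
REALM, USER, PASSWORD = "members", "alice", "s3cret"
PAGES = {"/index.html": b"<h1>members</h1>", "/style.css": b"h1{color:red}"}

def basic_header(user, password):
    """Value a browser sends in 'Authorization' once the user has typed credentials."""
    return "Basic " + base64.b64encode(f"{user}:{password}".encode()).decode()

class Handler(BaseHTTPRequestHandler):
    def do_GET(self):
        sent = self.headers.get("Authorization", "")
        body = PAGES.get(self.path, b"")
        if hmac.compare_digest(sent.encode(), basic_header(USER, PASSWORD).encode()):
            self.send_response(200 if self.path in PAGES else 404)
        else:
            # The challenge names a scheme and realm only; it carries no credentials.
            self.send_response(401)
            self.send_header("WWW-Authenticate", f'Basic realm="{REALM}"')
            body = b""
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):  # keep the demo quiet
        pass

def fetch(port, path, authorization=None):
    """One GET; returns (status, WWW-Authenticate header or None)."""
    conn = HTTPConnection("127.0.0.1", port, timeout=5)
    try:
        conn.request("GET", path, headers={"Authorization": authorization} if authorization else {})
        resp = conn.getresponse()
        resp.read()
        return resp.status, resp.getheader("WWW-Authenticate")
    finally:
        conn.close()

def run_exchange(user=USER, password=PASSWORD):
    server = HTTPServer(("127.0.0.1", 0), Handler)  # loopback only, ephemeral port
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        steps = [fetch(server.server_port, "/index.html")]  # no header yet: challenged
        auth = basic_header(user, password)  # built on the client from what the user typed
        steps += [fetch(server.server_port, p, auth) for p in PAGES]  # resent per resource
        return steps
    finally:
        server.shutdown()
        server.server_close()
```

The header value is only base64 of `user:password` and is repeated on every request, so Basic authentication needs TLS underneath it.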