Can I pass username and pw for protected dir as args in URL?

Dev Shed Forums Sponsor:

June 13th, 2009, 12:58 PM

doctormelodious

Contributing User

Join Date: Aug 2003

Posts: 92

Time spent in forums: 1 Day 36 m 51 sec
Reputation Power: 7

general - Can I pass username and pw for protected dir as args in URL?

Greetings,

Say I have a file at http://mydomain.com/protectedDir/foo.mp3, where the username for the protected directory is fred and the password is jones.

Is it possible to enter the username and password as arguments in the URL typed into the browser's navigation bar, rather than having the browser's log-in dialog come up? If so, what would the names of the args be? I took a shot in the dark and tried entering them as though I were passing args to a CGI script (http://mydomain.com/protectedDir/foo.mp3?username=fred&password=jones) but it didn''t work.

Thanks!
DM

June 13th, 2009, 01:28 PM

hiker

They're coming to take me away

Join Date: Jan 2005

Location: Florida

Posts: 4,149

Folding Points: 33832 Folding Title: Starter Folder

Time spent in forums: 2 Months 2 Weeks 8 h 53 m 20 sec
Reputation Power: 3178

Quote:

Originally Posted by doctormelodious

Not sure if you can do that directly for a file, but you can for a page that may have a link to the file. Basically doing username=fred&password=jones, you need to have something along these lines on the page you're going to:

Code:

<?php
$username = $_GET['username'];
$password = $_GET['password'];

$sql = "SELECT * FROM `table` WHERE `username` = '$username' AND `password` = '$password'";
$result = mysql_query($sql, $conn) or die(mysql_error());

?>

Then you could redirect them or do whatever needs to be done with the code. But basically you need a php page to process the get method for pulling in the info from the URL.

Once the variables from the url have been pulled into the page, you can have the code redirect them to the .mp3 file... but other than that, I'm not sure.. someone else may have a better solution for you.

This would probably be better in the PHP forum rather than Apache.... (I'm assuming you're using PHP).

If you're using something else let me know and I will have this moved to the appropriate forum.

June 13th, 2009, 06:59 PM

requinix

nuts - top 5 poster again :(

Join Date: Mar 2007

Location: Washington, USA

Posts: 5,301

Folding Points: 161153 Folding Title: Super Ultimate Folder - Level 1

Time spent in forums: 4 Months 9 h 54 m 20 sec
Reputation Power: 2967

That type of authentication is sent using HTTP headers, not with anything through the URL.
If you want to bypass it then you need another authentication method: like putting the username and password in the URL as hiker suggested.

__________________
How to ask a PHP question | My stuff

June 18th, 2009, 01:25 PM

djlarsu

Registered User

Join Date: May 2009

Posts: 29

Time spent in forums: 4 h 8 m 11 sec
Reputation Power: 0

Although you shouldn't, it is possible.

The format is:

Code:

https://username:password@servername.example.com/directory/

That will submit a username/password to HTTP Basic Auth. Also works for ftp from a browser. So, here's why you shouldn't use this:
I think MS released a patch for IE that broke this some time ago, so likely only works in Firefox/Safari.
Submitting this over anything other than https password the user/pass over cleartext.
Storing credentials (like on the webserver holding this page) is a bad idea. It really kinda defeats the purpose of authentication, and makes you susceptible to many other attacks.

Last edited by djlarsu : June 18th, 2009 at 01:27 PM. Reason: Hadn't wrapped the format in [code], so it included a smiley

Viewing: Dev Shed Forums > System Administration > Apache Development > general - Can I pass username and pw for protected dir as args in URL?

« Previous Thread | Next Thread »

Thread Tools	Search this Thread
Email this Page	Search this Thread: Advanced Search
Display Modes	Rate This Thread
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode	Rate This Thread:

Posting Rules
You may not post new threads You may not post replies You may not post attachments You may not edit your posts vB code is On Smilies are On [IMG] code is On HTML code is Off

View Your Warnings | New Posts | Latest News | Latest Threads | Shoutbox

Forum Jump

Free IT White Papers!

How to Present Effectively Online
This white paper offers practical and actionable advice on the key steps that any presenter should consider as they plan and execute a Webinar or online meeting.

Open Source Security Myths
Open Source Software (OSS) is computer software whose source code is available to the general public with relaxed or non-existent intellectual property restrictions (or arrangement such as the public domain), and is usually developed with the input of many contributors.

Power and Cooling Capacity Management for Data Centers
This paper describes the principles for achieving power and cooling capacity management.

Scalable, Fault-Tolerant NAS for Oracle - The Next Generation
For several years NAS has been evolving as a storage alternative for Oracle databases, and for good reason: NAS is quite often the simplest, most cost-effective storage approach for Oracle. Learn about the benefits that HP's approach to scalable NAS brings to Oracle environments in this comprehensive white paper.

Understanding Web Application Security Challenges
This white paper discusses many common threats and preventive measures for Web application security, and explains what you can do to help protect your organization.

More Free IT White Papers!