Penetration Testing mailing list archives
Re: [PEN-TEST] HTML source code and authentication
From: Martijn Prummel <punisher () ZEGMAAR NL>
Date: Tue, 19 Dec 2000 14:40:03 +0100
Chris Tobkin wrote:
click SUBMIT, but the Hidden Fields are Bad Thing (tm).
Agreed. I wouldn't use forms for authentication at all. We also have a thing called HTTPAuth :) Just add a http_auth_required header. This means a 401 webserv response with a header called WWW-Authenticate: basic realm="Blahblah"

This will pop up a browser window asking for user/pass. The content of this can be read by looking into the auth header sent back to the server. This is MIME64 encoded, so not too hard :)

Grtz, Martijn

--
# whatis life
life: nothing appropriate
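An added example, not part of the original post: a Python sketch of the exchange described above, parsing the server's `WWW-Authenticate` challenge and the `Authorization` header the browser sends back, to show that the credentials are only base64-encoded and need TLS for confidentiality. The user name, password and function names are constructed for illustration.

```python
import base64
import re

# Constructed sample exchange (not captured traffic): the 401 challenge and
# the header a browser returns after the user fills in the login dialog.
CHALLENGE = 'Basic realm="Blahblah"'
AUTHORIZATION = "Basic " + base64.b64encode(b"alice:s3cret:pw").decode("ascii")


def parse_challenge(value):
    """Split a WWW-Authenticate value into (scheme, realm)."""
    scheme, _, params = value.strip().partition(" ")
    match = re.search(r'realm="([^"]*)"', params, re.IGNORECASE)
    return scheme.lower(), (match.group(1) if match else None)


def parse_basic_authorization(value):
    """Return (user, password) from an Authorization: Basic value.

    Raises ValueError for anything that is not well-formed Basic credentials.
    """
    scheme, _, token = value.strip().partition(" ")
    if scheme.lower() != "basic" or not token.strip():
        raise ValueError("not a Basic Authorization header")
    # binascii.Error and UnicodeDecodeError are both ValueError subclasses.
    raw = base64.b64decode(token.strip(), validate=True)
    text = raw.decode("utf-8")
    # Only the first ':' separates the fields; the password may contain more.
    user, sep, password = text.partition(":")
    if not sep:
        raise ValueError("missing ':' between user and password")
    return user, password


def basic_auth_findings(request_headers, over_tls):
    """Report Basic credentials that travelled without transport encryption."""
    findings = []
    value = request_headers.get("Authorization", "")
    if value.lower().startswith("basic "):
        user, _ = parse_basic_authorization(value)
        if not over_tls:
            findings.append(
                f"Basic credentials for {user!r} sent without TLS: "
                "encoded, not encrypted"
            )
    return findings


if __name__ == "__main__":
    print(parse_challenge(CHALLENGE))
    print(basic_auth_findings({"Authorization": AUTHORIZATION}, over_tls=False))
```
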