Re: passwords can't be retrieved using auth?

Brian Jones (cbj@nortel.net)
19 Sep 1998 11:20:59 -0400


Axel Amthor <axel.amthor@interprise.de> writes:

> Hi,
> get yourself a copy of RFC 2068. As described there (several sections)
> things are very easy. Once you got the "Authenticate: Credentials" header
> through whatever you want, take "credentials" and decode the string with
> base64decode (The string is base64 encoded 'cause passwords may contain
> tokens or 8-bit chars)
> What you get is a string like userid:password (or vice versa, just look in
> that RFC).
> Be aware of the fact that password may contain any character, ':', '\n' as
> well as non-printables!

Apache by default strips out the Authenticate: header.  It is very
easy to comment out those two lines of code in the Apache source, but
just be sure you really *want* to do that as it has some security
implications with possibly other people/scripts seeing the
information.

Brian
-- 
|-------------------------------|Software Engineer
|Brian Jones			|cbj@nortel.net
|cbj@gnu.org			|http://www.nortel.net
|http://www.classpath.org/      |------------------------------
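
The decoding step discussed in this thread, as an added example that is not part of the original messages: it parses the `Basic` credentials form of RFC 2068 section 11.1, splits on the first ':' only (the userid may not contain one, the password may), and keeps the result as bytes so newlines and 8-bit characters survive. The function names and the sample value are assumptions made for illustration.

```python
import base64
import binascii
from typing import Tuple


class BadCredentials(ValueError):
    """Raised when the value is not well-formed Basic credentials."""


def parse_basic_credentials(header_value: str) -> Tuple[bytes, bytes]:
    """Return (userid, password) as raw bytes from 'Basic <base64>'."""
    scheme, _, cookie = header_value.strip().partition(" ")
    if scheme.lower() != "basic" or not cookie.strip():
        raise BadCredentials("not Basic credentials")
    try:
        # validate=True rejects characters outside the base64 alphabet
        # instead of silently discarding them.
        user_pass = base64.b64decode(cookie.strip(), validate=True)
    except (binascii.Error, ValueError) as exc:
        raise BadCredentials("invalid base64") from exc
    # The userid cannot contain ':', so the FIRST colon is the separator.
    # Everything after it (more colons, '\n', 8-bit bytes) is password.
    userid, sep, password = user_pass.partition(b":")
    if not sep:
        raise BadCredentials("missing ':' separator")
    return userid, password


def redact(header_value: str) -> str:
    """Form that is safe to log or pass on: scheme kept, secret dropped."""
    scheme = header_value.strip().partition(" ")[0]
    return f"{scheme} [redacted]"


if __name__ == "__main__":
    # Constructed sample: password contains ':', a newline and an 8-bit byte.
    sample = "Basic " + base64.b64encode(b"alice:pa:ss\nw\xf8rd").decode()
    print(parse_basic_credentials(sample))
    print(redact(sample))
```

Base64 is an encoding, not encryption, so anything that can read the header value can recover the password; `redact` is what belongs in logs or in an environment handed to other scripts.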