[pmwiki-users] can password be embedded into url?; https security
H. Fox
haganfox at users.sourceforge.net
Tue Jul 10 13:25:10 CDT 2007
On 7/9/07, W Randolph Franklin <pmwiki at wrfranklin.org> wrote:
> Hi,
>
> 1. Is it possible to combine a password into the url, so that
> accessing a protected page becomes a 1-step process? This would
> make it easier for people to access protected pages, say by
> simply clicking on a link in a bookmark list w/o having to
> remember the password. This would be especially appreciated by
> nontechnical people like upper managers.
>
> For example, non-wiki pages can already be accessed thus:
>
> http://user:password@site.dom/file
That's not a very well-protected file!
> 2. When I access a wiki page with https (to prevent snoopers from
> stealing the password), the browser warns that some info is not
> encrypted? What info?
Images? Stylesheets? View the page's source and look for "http:". If
it's a wiki that's part of a farm, make sure $FarmPubDir is a https://
URL.[1]
With a local customization you may be able to do
https://user:password@site.dom/wiki/Main/HomePage
and have access to the password-protected page.
Be aware that if you do that the content of the page may be encrypted,
but your upper manager's username and password will be sent in the
clear when the browser requests the page. Try it and check your
server's logs...
Hagan
[1] http://www.pmwiki.org/wiki/Cookbook/SwitchToSSLMode#farms
More information about the pmwiki-users
mailing list