Register Guidelines E-Books Search Today's Posts Mark Forums Read

Go Back   MobileRead Forums > Miscellaneous > Lounge

Notices

Reply
 
Thread Tools Search this Thread
Old 02-09-2004, 06:29 AM   #1
Alexander Turcic
Fully Converged
Alexander Turcic ought to be getting tired of karma fortunes by now.Alexander Turcic ought to be getting tired of karma fortunes by now.Alexander Turcic ought to be getting tired of karma fortunes by now.Alexander Turcic ought to be getting tired of karma fortunes by now.Alexander Turcic ought to be getting tired of karma fortunes by now.Alexander Turcic ought to be getting tired of karma fortunes by now.Alexander Turcic ought to be getting tired of karma fortunes by now.Alexander Turcic ought to be getting tired of karma fortunes by now.Alexander Turcic ought to be getting tired of karma fortunes by now.Alexander Turcic ought to be getting tired of karma fortunes by now.Alexander Turcic ought to be getting tired of karma fortunes by now.
 
Alexander Turcic's Avatar
 
Posts: 17,107
Karma: 10995944
Join Date: Oct 2002
Location: Switzerland
Device: Sony PRS-650 / Nexus 7 / Kindle PW
Exclamation IE security patch disables passwords in URLs

Microsoft released a patch last week that disables support for handling user names and passwords in HTTP and HTTPS. Read further if you are interested in enabling this feature again.

The problem occurs when programmers design a Web site to enable a Web user to log in by typing credentials into the URL. In such cases, the Web address might look like this:

http://username:password@www.somecompany.com/index.html.

The link gives the person access to a company's Web site when the authentication program verifies the username and password.

Because the username and password are part of the Web address and are not encrypted, embedding the credential in the URL is considered a security risk.

What Microsoft did is simply to disable the support for username:password@ urls. Cool, heh? All of a sudden, you come in one day, and things aren't working anymore, because Microsoft has determined that a way they are doing things is not secure.

So if you still want to be able to use this feature, download and execute the attached registry-file (remove the .txt extension first).

Code:
REGEDIT4
; Enable handling user information in HTTP and in HTTPS URLs
; More info here: http://support.microsoft.com/default...b;en-us;834489
; Feb 8, 2004. Turcic.com
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE]
"iexplore.exe"=dword:00000000
"explorer.exe"=dword:00000000
Attached Files
File Type: txt ie_enablepassinurl.reg.txt (446 Bytes, 1159 views)
Alexander Turcic is offline   Reply With Quote
Reply

Thread Tools Search this Thread
Search this Thread:

Advanced Search

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
epub and longs urls irc ePub 10 08-27-2010 11:04 AM
Confused by behavior of two pdfs w/permissions passwords, but no open passwords/DRM grr PDF 0 12-21-2009 02:21 PM
Firmware Update Kindle 2.0.3 officially disables TTS demoric Amazon Kindle 14 08-07-2009 06:37 PM
ebook URLs on delicious.com Teresita3 Deals, Freebies, and Resources (No Self-Promotion) 0 01-29-2007 12:46 AM
iRex iLiad patch V2.7.1 closes security holes Alexander Turcic iRex 11 10-26-2006 11:41 AM


All times are GMT -4. The time now is 01:36 PM.


MobileRead.com is a privately owned, operated and funded community.