URL and .htaccess

Re: URL and .htaccess

Bob Bedford <bedford1@YouKn owWhatToDoHereh otmail.com> wrote:[color=blue]
> I've protected a directory with an .htaccess file.
>
> I'd like some of the files in this directory to be accessible by a scheduler
> that runs an "URL". The problem is that the scheduler runs scripts in this
> directory, so the server asks a username and password. How to avoid this ???
> Should I set the .htaccess file to allow GET, but how ??? and what would be
> the URL ???
>
> directory tree:
>
> admin
> .htaccess
> admin.htm //frame
> adminmnu.htm //menu in frame
> script1.php
> script2.php
> script3.php
>
>
> I'd like to run the script from home with a scheduler like:
> https://www.mysite.com/admin/script2...password=pass;
> username and password being the ones asked in the .htaccess file.
>
> How to do so ?
>
> Bob[/color]

Theoretically:
http://htuser:htpass@www.mysite.com/...&password=pass

Might work - or not... depends on the browser.
--
Simon Stienen <http://dangerouscat.ne t> <http://slashlife.de>
»What you do in this world is a matter of no consequence,
The question is, what can you make people believe that you have done.«
-- Sherlock Holmes in "A Study in Scarlet" by Sir Arthur Conan Doyle

Re: URL and .htaccess

*** Bob Bedford wrote/escribió (Fri, 24 Sep 2004 17:32:51 +0200):[color=blue]
> I've protected a directory with an .htaccess file.[/color]
[color=blue]
> I'd like to run the script from home with a scheduler like:
> https://www.mysite.com/admin/script2...password=pass;
> username and password being the ones asked in the .htaccess file.[/color]

You can't pass auth data this way if you are using Apache mod_auth; the
data must go in the request headers. I can think of two options:

* Use another auth system to protect the site
* Change your scheduled script so it can provide HTTP auth data

I normally use the latter option but of course it depends on what your
script looks like.

--
-- Álvaro G. Vicario - Burgos, Spain
-- Thank you for not e-mailing me your questions
--

Re: URL and .htaccess

> Theoretically:[color=blue]
>[/color]
http://htuser:htpass@www.mysite.com/...&password=pass[color=blue]
>
> Might work - or not... depends on the browser.[/color]

Already tried, seems not to work with IE6.... thanks anyway

Cheers

Re: URL and .htaccess

Bob Bedford <bedford1@YouKn owWhatToDoHereh otmail.com> wrote:[color=blue][color=green]
>> Theoretically:
>>[/color]
> http://htuser:htpass@www.mysite.com/...&password=pass[color=green]
>>
>> Might work - or not... depends on the browser.[/color]
>
> Already tried, seems not to work with IE6.... thanks anyway
>
> Cheers[/color]

Yep. Exactly _there_ MS killed the support for this syntax "for security
reasons"...
--
Simon Stienen <http://dangerouscat.ne t> <http://slashlife.de>
»What you do in this world is a matter of no consequence,
The question is, what can you make people believe that you have done.«
-- Sherlock Holmes in "A Study in Scarlet" by Sir Arthur Conan Doyle

Re: URL and .htaccess

.oO(Simon Stienen)
[color=blue]
>Bob Bedford <bedford1@YouKn owWhatToDoHereh otmail.com> wrote:[color=green][color=darkred]
>>> Theoretically:
>>>[/color]
>> http://htuser:htpass@www.mysite.com/...&password=pass[color=darkred]
>>>
>>> Might work - or not... depends on the browser.[/color]
>>
>> Already tried, seems not to work with IE6.... thanks anyway
>>
>> Cheers[/color]
>
>Yep. Exactly _there_ MS killed the support for this syntax "for security
>reasons"...[/color]

The explanation might be questionable, but after all the decision was
correct. Username and password are not allowed in HTTP URLs by RFC 1783:

| An HTTP URL takes the form:
|
| http://<host>:<port>/<path>?<searchp art>
|
| where <host> and <port> are as described in Section 3.1. If :<port>
| is omitted, the port defaults to 80. No user name or password is
| allowed. ^^^^^^^^^^^^^^^ ^^^^^^^^^^^^
| ^^^^^^^^

<http://www.freesoft.or g/CIE/RFC/1738/14.htm>

It is allowed for other schemes like FTP.

Micha

Re: URL and .htaccess

.oO(Simon Stienen)
[color=blue]
>Bob Bedford <bedford1@YouKn owWhatToDoHereh otmail.com> wrote:[color=green][color=darkred]
>>> Theoretically:
>>>[/color]
>> http://htuser:htpass@www.mysite.com/...&password=pass[color=darkred]
>>>
>>> Might work - or not... depends on the browser.[/color]
>>
>> Already tried, seems not to work with IE6.... thanks anyway
>>
>> Cheers[/color]
>
>Yep. Exactly _there_ MS killed the support for this syntax "for security
>reasons"...[/color]

The explanation might be questionable, but after all the decision was
correct. Username and password are not allowed in HTTP URLs by RFC 1738:

| An HTTP URL takes the form:
|
| http://<host>:<port>/<path>?<searchp art>
|
| where <host> and <port> are as described in Section 3.1. If :<port>
| is omitted, the port defaults to 80. No user name or password is
| allowed. ^^^^^^^^^^^^^^^ ^^^^^^^^^^^^
| ^^^^^^^^

<http://www.freesoft.or g/CIE/RFC/1738/14.htm>

It is allowed for other schemes like FTP.

Micha

Re: URL and .htaccess

Michael Fesser <netizen@gmx.ne t> wrote:[color=blue]
> .oO(Simon Stienen)
>[color=green]
>>Bob Bedford <bedford1@YouKn owWhatToDoHereh otmail.com> wrote:[color=darkred]
>>>> Theoretically:
>>>>
>>> http://htuser:htpass@www.mysite.com/...&password=pass
>>>>
>>>> Might work - or not... depends on the browser.
>>>
>>> Already tried, seems not to work with IE6.... thanks anyway
>>>
>>> Cheers[/color]
>>
>>Yep. Exactly _there_ MS killed the support for this syntax "for security
>>reasons"...[/color]
>
> The explanation might be questionable, but after all the decision was
> correct. Username and password are not allowed in HTTP URLs by RFC 1738:
>
>| An HTTP URL takes the form:
>|
>| http://<host>:<port>/<path>?<searchp art>
>|
>| where <host> and <port> are as described in Section 3.1. If :<port>
>| is omitted, the port defaults to 80. No user name or password is
>| allowed. ^^^^^^^^^^^^^^^ ^^^^^^^^^^^^
>| ^^^^^^^^
>
> <http://www.freesoft.or g/CIE/RFC/1738/14.htm>
>
> It is allowed for other schemes like FTP.
>
> Micha[/color]

Ok, but this RFC is dated 1994, I guess it will be updated soon, since
afaik http://user:pass@host/ is inplemented in every important browser and
webspace providers advertise with the so-called "@-domains".
--
Simon Stienen <http://dangerouscat.ne t> <http://slashlife.de>
»What you do in this world is a matter of no consequence,
The question is, what can you make people believe that you have done.«
-- Sherlock Holmes in "A Study in Scarlet" by Sir Arthur Conan Doyle

Re: URL and .htaccess

On Fri, 24 Sep 2004 23:29:39 +0200, Simon Stienen
<simon.stienen@ news.slashlife. de> wrote:
[color=blue]
>Ok, but this RFC is dated 1994, I guess it will be updated soon,[/color]

No, not likely.

--
Andy Hassall / <andy@andyh.co. uk> / <http://www.andyh.co.uk >
<http://www.andyhsoftwa re.co.uk/space> Space: disk usage analysis tool

Re: URL and .htaccess

"Bob Bedford" <bedford1@YouKn owWhatToDoHereh otmail.com> wrote in message
news:41543e24$0 $21019$5402220f @news.sunrise.c h...[color=blue]
> I've protected a directory with an .htaccess file.
>
> I'd like some of the files in this directory to be accessible by a[/color]
scheduler[color=blue]
> that runs an "URL". The problem is that the scheduler runs scripts in this
> directory, so the server asks a username and password. How to avoid this[/color]
???[color=blue]
> Should I set the .htaccess file to allow GET, but how ??? and what would[/color]
be[color=blue]
> the URL ???
>[/color]

What exactly is this scheduler?

Re: URL and .htaccess

Chung Leong <chernyshevsky@ hotmail.com> wrote:[color=blue]
> "Bob Bedford" <bedford1@YouKn owWhatToDoHereh otmail.com> wrote in message
> news:41543e24$0 $21019$5402220f @news.sunrise.c h...[color=green]
>> I've protected a directory with an .htaccess file.
>>
>> I'd like some of the files in this directory to be accessible by a[/color]
> scheduler[color=green]
>> that runs an "URL". The problem is that the scheduler runs scripts in this
>> directory, so the server asks a username and password. How to avoid this[/color]
> ???[color=green]
>> Should I set the .htaccess file to allow GET, but how ??? and what would[/color]
> be[color=green]
>> the URL ???
>>[/color]
>
> What exactly is this scheduler?[/color]

The MS Windows "equivalent " for cron-jobs, but I don't know, how far the
functionality can compete with crons...
--
Simon Stienen <http://dangerouscat.ne t> <http://slashlife.de>
»What you do in this world is a matter of no consequence,
The question is, what can you make people believe that you have done.«
-- Sherlock Holmes in "A Study in Scarlet" by Sir Arthur Conan Doyle

Re: URL and .htaccess

Simon Stienen wrote:
[color=blue]
> Ok, but this RFC is dated 1994,[/color]

RFC1738 has been updated by, amongst others, RFC2396 (1998),
the current spec of generic URI syntax. It'd be out of
place to define particular schemes there, but it does warn
against 'the passing of authentication information in clear
text' (sec. 3.2.2).
[color=blue]
> I guess it will be updated soon,[/color]

Don't guess about an RFC's status; search the index.


[color=blue]
> since afaik http://user:pass@host/ is inplemented in every important
> browser and webspace providers advertise with the so-called "@-domains".[/color]

The ABNF in RFC2616, the authoritative reference for HTTP
URI syntax, doesn't allow usernames or passwords (also sec.
3.2.2).

--
Jock

Re: URL and .htaccess

"Simon Stienen" <simon.stienen@ news.slashlife. de> wrote in message
news:24zj5z6gi5 j4.dlg@news.dan gerouscat.net.. .[color=blue]
> Chung Leong <chernyshevsky@ hotmail.com> wrote:[color=green]
> > "Bob Bedford" <bedford1@YouKn owWhatToDoHereh otmail.com> wrote in message
> > news:41543e24$0 $21019$5402220f @news.sunrise.c h...[color=darkred]
> >> I've protected a directory with an .htaccess file.
> >>
> >> I'd like some of the files in this directory to be accessible by a[/color]
> > scheduler[color=darkred]
> >> that runs an "URL". The problem is that the scheduler runs scripts in[/color][/color][/color]
this[color=blue][color=green][color=darkred]
> >> directory, so the server asks a username and password. How to avoid[/color][/color][/color]
this[color=blue][color=green]
> > ???[color=darkred]
> >> Should I set the .htaccess file to allow GET, but how ??? and what[/color][/color][/color]
would[color=blue][color=green]
> > be[color=darkred]
> >> the URL ???
> >>[/color]
> >
> > What exactly is this scheduler?[/color]
>
> The MS Windows "equivalent " for cron-jobs, but I don't know, how far the
> functionality can compete with crons...[/color]

Schedule wget or Netscape instead of IE and use the
http://user:password@server/ syntax.

Re: URL and .htaccess

Chung Leong <chernyshevsky@ hotmail.com> wrote:[color=blue]
> "Simon Stienen" <simon.stienen@ news.slashlife. de> wrote in message
> news:24zj5z6gi5 j4.dlg@news.dan gerouscat.net.. .[color=green]
>> Chung Leong <chernyshevsky@ hotmail.com> wrote:[color=darkred]
>>> "Bob Bedford" <bedford1@YouKn owWhatToDoHereh otmail.com> wrote in message
>>> news:41543e24$0 $21019$5402220f @news.sunrise.c h...
>>>> I've protected a directory with an .htaccess file.
>>>>
>>>> I'd like some of the files in this directory to be accessible by a
>>> scheduler
>>>> that runs an "URL". The problem is that the scheduler runs scripts in[/color][/color]
> this[color=green][color=darkred]
>>>> directory, so the server asks a username and password. How to avoid[/color][/color]
> this[color=green][color=darkred]
>>> ???
>>>> Should I set the .htaccess file to allow GET, but how ??? and what[/color][/color]
> would[color=green][color=darkred]
>>> be
>>>> the URL ???
>>>>
>>>
>>> What exactly is this scheduler?[/color]
>>
>> The MS Windows "equivalent " for cron-jobs, but I don't know, how far the
>> functionality can compete with crons...[/color]
>
> Schedule wget or Netscape instead of IE and use the
> http://user:password@server/ syntax.[/color]

_I_ do have an unix server and therefore cron jobs :)
Anyway, the OP doesn't.

Instead of wget or Netscape, he could also call the PHP CLI to generate the
requests...
The one of PEAR should be just fine (never worked with PEAR :S) or any self
written... My own function for this is up at
<http://trashbin.danger ouscat.net/div/webcontent.php. txt>
(Hey, I wrote it for me, so it doesn't need any comments ;P)
--
Simon Stienen <http://dangerouscat.ne t> <http://slashlife.de>
»What you do in this world is a matter of no consequence,
The question is, what can you make people believe that you have done.«
-- Sherlock Holmes in "A Study in Scarlet" by Sir Arthur Conan Doyle