Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 6 of 6
  1. #1
    New Coder
    Join Date
    Nov 2004
    Posts
    10
    Thanks
    0
    Thanked 0 Times in 0 Posts

    accessing a pasword protected directory

    When accessing a file (expl: test.pdf) that is in a password protected directory (expl:pwdir) you can use a script like this after the <head> tag :
    <meta http-equiv="refresh" content="0;URL=http://username:password@www.domainname.com/pwdir/test.pdf">

    Is there a javascript equivalent for this? Because the problem is that the password becomes visible in the url and the status bar when it is carried out.

    Thank you
    Last edited by patrick t; 11-10-2004 at 08:48 PM.

  • #2
    Senior Coder
    Join Date
    Jun 2002
    Location
    Wichita
    Posts
    3,880
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Actually you must not have read the documentation on what's happening with Windows XP SP2 because that particular form of userid and password embedded into a url is no longer valid as of SP2. The change was made because it wasn't supported by non-MS browsers, spammers were using it heavily and the standards for the protocol actually don't allow it as valid either.

    In short, while it may work for now you're going to find it won't work much longer anyway. Possibly it's good you came here before you found out the hard way. Perhaps the first question that should be asked is why is that particular file protected using a userid and password when it could be made readable by the account running your web server and then it wouldn't require the user id and password in the first place. If you can change the permissions on the file to eliminate the need for the userid and password then you've fixed the problem.
    Check out the Forum Search. It's the short path to getting great results from this forum.

  • #3
    New Coder
    Join Date
    Nov 2004
    Posts
    10
    Thanks
    0
    Thanked 0 Times in 0 Posts
    the password protected directory is needed to store fax (.tif) files that can be viewed by members only. the members know their personnal password but not the password of the directory.

  • #4
    fci
    fci is offline
    Senior Coder
    Join Date
    Aug 2004
    Location
    Twin Cities
    Posts
    1,345
    Thanks
    0
    Thanked 0 Times in 0 Posts
    use a server-side method.. do not use JS for this since that's not what JS is for.
    in PHP:
    http://us2.php.net/header
    Code:
    <?php
    // We'll be outputting a PDF
    header('Content-type: application/pdf');
    
    // It will be called downloaded.pdf
    header('Content-Disposition: attachment; filename="downloaded.pdf"');
    
    // The PDF source is in original.pdf
    readfile('original.pdf');
    ?>

  • #5
    New Coder
    Join Date
    Nov 2004
    Posts
    10
    Thanks
    0
    Thanked 0 Times in 0 Posts
    of course a server side method would be better but the website is directed by a content management system that is written in asp and all the data (except the .pdf files) are in a mysql database. The script (that accesses the pasword protected directory) will be in the mysql database with the other data. That's why only client side programming can be used,(asp code is simply displayed on the screen, and not executed). The goal is to make it as secure as it can be, not perfect.

  • #6
    Senior Coder
    Join Date
    Jun 2002
    Location
    Wichita
    Posts
    3,880
    Thanks
    0
    Thanked 0 Times in 0 Posts
    There's really no way to reliably hide that user id and password combination if you pass it to the client and with the pending discontinuation of that form of passing the user id and password you're going to be left with users being prompted for a user id and password regardless. Any solution for this will have to be made on the server.
    Check out the Forum Search. It's the short path to getting great results from this forum.


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •