Difference between revisions of "Talk:Server.pl"
From Organic Design wiki
(IE quirks) |
|||
| Line 1: | Line 1: | ||
| + | Here are some directives Apache uses when it deals with IE clients: | ||
| + | |||
| + | SetEnvIf User-Agent ".*MSIE.*" \ | ||
| + | nokeepalive ssl-unclean-shutdown \ | ||
| + | downgrade-1.0 force-response-1.0 | ||
| + | |||
| + | Might give a clue to it's little quirks. | ||
| + | |||
| + | --[[User:Rob|Rob]] 09:44, 16 Feb 2006 (NZDT) | ||
| + | |||
Currently HTTP authentication is just base64 encoded username:password which is basically just plain text, so the password can easily be discovered. | Currently HTTP authentication is just base64 encoded username:password which is basically just plain text, so the password can easily be discovered. | ||
*[http://frontier.userland.com/stories/storyReader$2159 Using MD5 with HTTP Authentication] | *[http://frontier.userland.com/stories/storyReader$2159 Using MD5 with HTTP Authentication] | ||
*[http://greenbytes.de/tech/webdav/rfc2617.html RFC2617] | *[http://greenbytes.de/tech/webdav/rfc2617.html RFC2617] | ||
*[http://www.rassoc.com/gregr/weblog/stories/2002/07/09/webServicesSecurityHttpDigestAuthenticationWithoutActiveDirectory.html MS ActiveDirectory, but lots of MD5 header info] | *[http://www.rassoc.com/gregr/weblog/stories/2002/07/09/webServicesSecurityHttpDigestAuthenticationWithoutActiveDirectory.html MS ActiveDirectory, but lots of MD5 header info] | ||
Revision as of 20:44, 15 February 2006
Here are some directives Apache uses when it deals with IE clients:
SetEnvIf User-Agent ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \ downgrade-1.0 force-response-1.0
Might give a clue to it's little quirks.
--Rob 09:44, 16 Feb 2006 (NZDT)
Currently HTTP authentication is just base64 encoded username:password which is basically just plain text, so the password can easily be discovered.
