Difference between revisions of "Talk:Server.pl"

From Organic Design wiki
(IE quirks)
Line 1: Line 1:
 +
Here are some directives Apache uses when it deals with IE clients:
 +
 +
SetEnvIf User-Agent ".*MSIE.*" \
 +
nokeepalive ssl-unclean-shutdown \
 +
downgrade-1.0 force-response-1.0
 +
 +
Might give a clue to it's little quirks.
 +
 +
--[[User:Rob|Rob]] 09:44, 16 Feb 2006 (NZDT)
 +
 
Currently HTTP authentication is just base64 encoded username:password which is basically just plain text, so the password can easily be discovered.
 
Currently HTTP authentication is just base64 encoded username:password which is basically just plain text, so the password can easily be discovered.
 
*[http://frontier.userland.com/stories/storyReader$2159 Using MD5 with HTTP Authentication]
 
*[http://frontier.userland.com/stories/storyReader$2159 Using MD5 with HTTP Authentication]
 
*[http://greenbytes.de/tech/webdav/rfc2617.html RFC2617]
 
*[http://greenbytes.de/tech/webdav/rfc2617.html RFC2617]
 
*[http://www.rassoc.com/gregr/weblog/stories/2002/07/09/webServicesSecurityHttpDigestAuthenticationWithoutActiveDirectory.html MS ActiveDirectory, but lots of MD5 header info]
 
*[http://www.rassoc.com/gregr/weblog/stories/2002/07/09/webServicesSecurityHttpDigestAuthenticationWithoutActiveDirectory.html MS ActiveDirectory, but lots of MD5 header info]

Revision as of 20:44, 15 February 2006

Here are some directives Apache uses when it deals with IE clients:

SetEnvIf User-Agent ".*MSIE.*" \

nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0

Might give a clue to it's little quirks.

--Rob 09:44, 16 Feb 2006 (NZDT)

Currently HTTP authentication is just base64 encoded username:password which is basically just plain text, so the password can easily be discovered.