Protect folder w/URL access

software development

#1

I’ve used htaccess to protect folders, while allowing convenient access for clients by simply embedding their login and password in the URL (as in “http://user:pass@domain.com”).

I know that including the password in the URL isn’t the safest thing to do, but it’s reasonably safe for my needs and makes it ultra convenient for my clients to access the folder without having to fill in the authentication prompt.

Problem: IE7 now disallows URLs with embedded logins. :frowning:

So how can I achieve the same result without relying on an embedded password in the URL?

I’d be okay with writing a CGI to handle the authentication if there was some way it could forward the user to the protected directory without embedding the password in the URL which IE7 will choke on.

Is there some way to use redirect, or maybe even mod_rewrite, to do what I’m looking for?

Is there some other way to protect a directory other thn htaccess which I might have been luck handling in a CGI?

Thanks in advance for any tips you can share -

  • rg

#2

Sorry! You won’t be able to “forward the user to the protected directory.”

Not only would you need a CGI script to authenticate the visitor, but you also have to have a CGI script interecept each and every request to check to see if the visitor was authenticated and process the request itself. No more linking to static files for you. The files have to be moved outside the web directory or made “non-world readable” and the CGI script will have to open them and pipe them to the browser itself.

Another way would be to dynamically update an .htaccess file so that it checks for an authentication cookie.

:cool: openvein.org -//-