[WEB4LIB] perl print Location

Thomas Dowling tdowling at ohiolink.edu
Fri Jul 23 17:18:43 EDT 1999


The URL specification specifically prohibits the <username>:<password>
construct in HTTP URLs (see RFC1738 section 3.3).  I know this from
painful experience, because one of our remote vendors employs this hack,
and one of our consortium members has a campus firewall that absolutely
will not allow these URLs through.

So, since what you're doing is disallowed in the spec, any particular
browser (or firewall, or anything else that handles URLs) is within its
rights to ignore it.

Thomas Dowling
OhioLINK - Ohio Library and Information Network
tdowling at ohiolink.edu


----- Original Message -----
From: Webmaster <WebMaster at RoyalRoads.ca>
To: Multiple recipients of list <web4lib at webjunction.org>
Sent: Friday, July 23, 1999 5:03 PM
Subject: [WEB4LIB] perl print Location


> For some time now we have been using a very simple perl script to pass a
> userid & password to a remote database by having our users click on a
link
> for a local CGI script.  In essence all the script contains is:
>
> $userid="USERID";
> $password="PASSWORD";
> print "Location:
> http://$userid:$password\@some.isp.url/index.htm\n\n\n";
>
> This has worked and continues to work in Netscape 3.x and 4.x and I
thought
> it worked in IE 3.x, but now as our users have moved to Internet
Explorer
> 5.x (we seem to be skipping 4.x) it is no longer functioning correctly.
>
> When IE 5.x is the browser the script executes, but the remote site
ignores
> the userid and password and prompts for them to be entered.  If our user
> clicks cancel (to the userid/password prompt) and clicks the browser
refresh
> button it works as it does in Netscape.
>
> What has changed and what can I do about it?
>
> Regards,
> Liz
>



More information about the Web4lib mailing list