[XML-DEV Mailing List Archive Home] [By Thread] [By Date] [Recent Entries] [Reply To This Message] Re: RE: Encoding charset of HTTP Basic Authentication
More fun with the protocol: This also seems to work :D (on Chromium Linux) <?php header("Refresh: 0;javascript:alert('Yo!')"); ?> So you can run javascript inyecting something in the headers. Practical if you need a proxy to run something on all webpages. On 23 February 2012 13:37, Tei <oscar.vives@gmail.com> wrote: > Protocols are fun :D > > > Some dude HTML page withouth HTML: > http://css-tricks.com/using-css-without-html/ > > > My PHP script that returns a page in TXT and HTML (perhaps a way to > download a webpage that include images in parts of the multipart mime > document): > > <?php > > header("Subject: Test multipart"); > header("MIME-Version: 1.0"); > header("Content-type: multipart/x-mixed-replace; boundary=xstringx"); > > ?> > --xstringx > Content-type: text/xml; charset=iso-8859-1 > Content-Transfer-Encoding: quoted-printable > > <xml>Sample Text Content</xml> > > --xstringx > Content-type: text/html; charset=iso-8859-1 > Content-Transfer-Encoding: quoted-printable > > <html> > <head> > </head> > <body> > <div style=3D"FONT-SIZE: 10pt; FONT-FAMILY: Arial">Sample HTML = > <b>C</b>ontent</div> > </body> > </html> > --xstringx > > > > On 23 February 2012 12:35, Pete Cordell <petexmldev@codalogic.com> wrote: >> I know this is an old thread (and this is not really the right list for a >> detailed discussion on this topic), but I did some musings on what would be >> involved to doing digest style authentication of password data in HTML form >> data. Â I've written a quick blog post up on it and to me it seems quite >> doable. >> >> Have a read at: http://codalogic.com/blogs/pete/?p=376 >> >> Thanks for your indulgence! >> >> >> Pete Cordell >> Codalogic Ltd >> Interface XML to C++ the easy way using C++ XML >> data binding to convert XSD schemas to C++ classes. >> Visit http://codalogic.com/lmx/ or http://www.xml2cpp.com >> for more info >> ----- Original Message ----- From: "Pete Cordell" <petexmldev@codalogic.com> >> To: "Greg Hunt" <greg@firmansyah.com> >> Cc: "xml-dev" <xml-dev@lists.xml.org> >> Sent: Monday, January 30, 2012 1:52 PM >> >> Subject: Re: RE: Encoding charset of HTTP Basic Authentication >> >> >>> I'm surprised I'm in a minority of one on this. Â I've snipped out lots of >>> comments in a reply, but my basic position is that we shouldn't be adopting >>> a "buyer beware" position when it comes to handling passwords when we know >>> there are better ways to do it, and we have known that for the best part of >>> a decade. >>> >>> The upside of this is that I will be delving into my server configs and >>> changing them to use Digest if I can. Â So I'm pleased that the topic has >>> been raised from that point of view. >>> >>> A quick question before I do though, does Digest require the server to >>> have access to the password in clear text form, whereas Basic allows the >>> server to store the password in some hashed form? >>> >>> Thanks, >>> >>> Pete Cordell >>> Codalogic Ltd >>> Interface XML to C++ the easy way using C++ XML >>> data binding to convert XSD schemas to C++ classes. >>> Visit http://codalogic.com/lmx/ or http://www.xml2cpp.com >>> for more info >>> ----- Original Message ----- From: "Greg Hunt" <greg@firmansyah.com> >>> To: "Pete Cordell" <petexmldev@codalogic.com> >>> Cc: "xml-dev" <xml-dev@lists.xml.org> >>> Sent: Monday, January 30, 2012 11:29 AM >>> Subject: Re: RE: Encoding charset of HTTP Basic Authentication >>> >>> >>>> Surely most of us here get paid to know how things work and what their >>>> strengths and weaknesses are. Â The level of knowledge is sadly lower than >>>> it should be, but to paraphrase you, thats no excuse. Â I don't think that >>>> digest was part of HTTP 1.0 and retiring standards is difficult. >>>> > ... > > > -- > -- > â±in del â³ensaje. -- -- â±in del â³ensaje.
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] |
PURCHASE STYLUS STUDIO ONLINE TODAY!Purchasing Stylus Studio from our online shop is Easy, Secure and Value Priced! Download The World's Best XML IDE!Accelerate XML development with our award-winning XML IDE - Download a free trial today! Subscribe in XML format
|