Jump to content
    1. Welcome to GTAForums!

    1. GTANet.com

    1. GTA Online

      1. Los Santos Drug Wars
      2. Updates
      3. Find Lobbies & Players
      4. Guides & Strategies
      5. Vehicles
      6. Content Creator
      7. Help & Support
    2. Red Dead Online

      1. Blood Money
      2. Frontier Pursuits
      3. Find Lobbies & Outlaws
      4. Help & Support
    3. Crews

    1. Grand Theft Auto Series

      1. Bugs*
      2. St. Andrews Cathedral
    2. GTA VI

    3. GTA V

      1. Guides & Strategies
      2. Help & Support
    4. GTA IV

      1. The Lost and Damned
      2. The Ballad of Gay Tony
      3. Guides & Strategies
      4. Help & Support
    5. GTA San Andreas

      1. Classic GTA SA
      2. Guides & Strategies
      3. Help & Support
    6. GTA Vice City

      1. Classic GTA VC
      2. Guides & Strategies
      3. Help & Support
    7. GTA III

      1. Classic GTA III
      2. Guides & Strategies
      3. Help & Support
    8. Portable Games

      1. GTA Chinatown Wars
      2. GTA Vice City Stories
      3. GTA Liberty City Stories
    9. Top-Down Games

      1. GTA Advance
      2. GTA 2
      3. GTA
    1. Red Dead Redemption 2

      1. PC
      2. Help & Support
    2. Red Dead Redemption

    1. GTA Mods

      1. GTA V
      2. GTA IV
      3. GTA III, VC & SA
      4. Tutorials
    2. Red Dead Mods

      1. Documentation
    3. Mod Showroom

      1. Scripts & Plugins
      2. Maps
      3. Total Conversions
      4. Vehicles
      5. Textures
      6. Characters
      7. Tools
      8. Other
      9. Workshop
    4. Featured Mods

      1. Design Your Own Mission
      2. OpenIV
      3. GTA: Underground
      4. GTA: Liberty City
      5. GTA: State of Liberty
    1. Rockstar Games

    2. Rockstar Collectors

    1. Off-Topic

      1. General Chat
      2. Gaming
      3. Technology
      4. Movies & TV
      5. Music
      6. Sports
      7. Vehicles
    2. Expression

      1. Graphics / Visual Arts
      2. GFX Requests & Tutorials
      3. Writers' Discussion
      4. Debates & Discussion
    1. Announcements

    2. Support

    3. Suggestions

Happy Holidays from the GTANet team!

Testing HTTP Authorisation


BenMillard
 Share

Recommended Posts

I have created an example of HTTP Authorisation and would like its security to be tested. The example page has two links, which require different login information. The login information is supplied so you can check it works before trying to hack in. When you supply valid login information, your details are remembered by the server for until you have been inactive for an hour, I think.

 

I'd also like to know whether people find this system easy to use, general views on it, any experience of implementing it on other sites, etc. smile.gif

 

Are there any accessibility problems with this sort of system? Since it is part of the HTTP specification, I assume it will be supported by any Web device?

 

(EDIT) When using the system in Lynx, it attempts to follow the link normally. This fails and it provides a message saying that authorisation is required. It then uses the bottom of the screen to input your login details:

user posted image

812 x 738, 54.4kB.

 

After entering the name, it used the bottom of the screen to prompt for the password. I entered this, then it displayed an error about an invalid server write or something along those lines and returned focus to the link on the page. I tried following the link again and it worked:

user posted image

812 x 738, 27.7kB.

 

This has made me a little worried...perhaps other devices would struggle with this system?

 

(EDIT2) Here is the error message:

user posted image

812 x 738, 54.2kB.

 

It says:

"Alert! Unexpected network read error; connection aborted."

 

Is this a problem with my configuration or with the browser? sad.gif

Edited by Cerbera
Link to comment
Share on other sites

  • 4 weeks later...
TheJkWhoSaysNi

Your page doesn't display correctly because it's invalid and you're serving it as application/xhtml+xml. You seem to have two lots of everything above the <body> tag.

Link to comment
Share on other sites

Ah, I'd forgotten to update my test pages to work correctly with the PHP I've been trying out. Should be fixed now. smile.gif

Link to comment
Share on other sites

TheJkWhoSaysNi

Looks pretty secure, although i'm nowhere near an expert at this kind of thing.

 

You can keep the .htpasswd file in the same directory as .htaccess since you can't view it without logging in anyway. (and i believe apache disables access to .files although i may be wrong.) If you can access .htpasswd the only real security problem is being able to see other peoples passwords. Keeping it in an inaccessible directory is definatly best though.

 

 

as for the problem it seems like a browser issue to me.

Edited by TheJkWhoSaysNi
Link to comment
Share on other sites

Looks pretty secure, although i'm nowhere near an expert at this kind of thing.

 

You can keep the .htpasswd file in the same directory as .htaccess since you can't view it without logging in anyway. (and i believe apache disables access to .files although i may be wrong.) If you can access .htpasswd the only real security problem is being able to see other peoples passwords. Keeping it in an inaccessible directory is definatly best though.

 

 

as for the problem it seems like a browser issue to me.

By default Apache blocks access to .htaccess and .htpasswd, I believe. It also doesn't list them in directory listings.

 

And even if you can access the .htpasswd file, I would assume Cerb is keeping the passwords in there encrypted.

"You can play faster than Al Di Meola and do it with only one pinky, but if you're not listening to what is going on around you, you might as well just shut up"

 

isn't your croth suppose to be erecting when you have an orgasm?
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

  • 1 User Currently Viewing
    0 members, 0 Anonymous, 1 Guest

×
×
  • Create New...

Important Information

By using GTAForums.com, you agree to our Terms of Use and Privacy Policy.