usr and password in URL

Collapse
X
 
  • Time
  • Show
Clear All
new posts
  • EZRhino
    Confirmed User
    • Jul 2003
    • 6258

    #1

    usr and password in URL

    Can anyone tell me how to keep my server from allowing the user name password to used in the url?
    Example http://user:[email protected]/members
    Password sites use this alot.
  • Babaganoosh
    ♥♥♥ Likes Hugs ♥♥♥
    • Nov 2001
    • 15841

    #2
    That's not possible as far as I know. You might want to check into something like Pennywize http://www.pennywize.com/
    I like pie.

    Comment

    • Sonny
      Confirmed User
      • Jul 2003
      • 122

      #3
      a quick fix for not showing the user name and pass on the url is to use frames..

      with frames, the passing argument doesnt show up.

      http://www.porngoto.com
      http://www.mytopxxx.com
      http://www.hornyjo.com
      http://www.campusbunnies.com

      Comment

      • glipglop
        Registered User
        • Jul 2003
        • 13

        #4
        If your website is on a Windows server, you could use Titan from Flicks Software.


        http://www.flicks.com/prod.htm#titan


        It will allow you to deny any URL request to your server with an @ sign in it. Also good for stopping buffer overflow attempts.
        http://www.flicks.com

        Comment

        • fucktard
          Registered User
          • Jan 2003
          • 7

          #5
          The only advice I could offer is forcing logins and all transactions via HTTP form POSTs and storing info in session variables and reading from that.

          Comment

          Working...