Solved

Changing REMOTE_USER with a CGI rather than closing the browser

Posted on 1998-06-13
4
249 Views
Last Modified: 2013-12-25
If I've already authenticated at a website with a username:password pair, how do I write a CGI that, when invoked, will reset the value of $REMOTE_USER, and challenge me again for my username:password pair. I want to be able to log in as a different user at this point.

I know I can close my browser and $REMOTE_USER will reset, but I'd like to avoid that pain.
0
Comment
Question by:cjb061398
  • 2
  • 2
4 Comments
 
LVL 5

Accepted Solution

by:
julio011597 earned 50 total points
ID: 1829779
Indeed, the web server does keep asking for name:passwd... it is the *intelligent* browser which sends them behind the scenes. Anyway, you can bypass this browser's automatic mechanisms by providing the pair as part of the location url.

Say the new pair is "cjb:mypwd", and the page to access is "http://my.host.com". Then you can force the new pair to be sent by putting this url into the location field:

http://cjb:mypwd@my.host.com

This is, in fact, the same mechanism you would use to access password protected ftp sites.

Regards, julio
0
 
LVL 6

Expert Comment

by:alamo
ID: 1829780
In many cases a better way might be "http://cjb@my.host.com" instead, leaving out the password. The dialog will pop up and ask you.

The advantage of this is that this way your password won't be included in your browser history or any bookmarks you make. I am not sure if your password shows up in the REFERER field also, when you click on an external link, it might, I've never checked.

0
 
LVL 5

Expert Comment

by:julio011597
ID: 1829781
Yes, right. About REFERER, i'm not sure either, but shouldn't be the case... anyway, to be tried.

cjb, still around?

-julio
0
 
LVL 6

Expert Comment

by:alamo
ID: 1829782
I just checked, name:pw@ does indeed show up in the REFERER. I tested with Netscape 4.04. So be careful...

0

Featured Post

What Security Threats Are You Missing?

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

Join & Write a Comment

The following is a collection of cases for strange behaviour when using advanced techniques in DOS batch files. You should have some basic experience in batch "programming", as I'm assuming some knowledge and not further explain the basics. For some…
Ever wondered how to display how many visitors you have online. In this tutorial I will show you an easy but effective way to display the number of online visitors in WhizBase. In this article I assume you have read my previous articles and know …
The viewer will learn how to dynamically set the form action using jQuery.
In this fourth video of the Xpdf series, we discuss and demonstrate the PDFinfo utility, which retrieves the contents of a PDF's Info Dictionary, as well as some other information, including the page count. We show how to isolate the page count in a…

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now