Solved

Brower Environment Variables

Posted on 1999-01-20
12
162 Views
Last Modified: 2013-12-25
Is there any way to programmatically (CGI,javascript,java,etc.) set the user name and password browser variables for the current realm?
I need it to work for IE 4.0 and Netscape 4.05.  
I am running Apache 1.3.3. I can rebuild it and add in any modules if needed.  
I trying to have a cgi program set the name and password so the user does not have type it in multiple times.

Thanks,
Dennis
0
Comment
Question by:baasdr
12 Comments
 

Author Comment

by:baasdr
ID: 1832353
Edited text of question
0
 

Author Comment

by:baasdr
ID: 1832354
Edited text of question
0
 
LVL 7

Expert Comment

by:jconde
ID: 1832355
baasdr, I don't really understand your question,  could you please refrase "Is there any way to programmatically (CGI,javascript,java,etc.) set the user name and password
browser variables for the current realm? "
0
 
LVL 1

Expert Comment

by:ptruman
ID: 1832356
If you are on NT you can get the Domain & username
but IIRC thats .asp dependent...

0
 

Author Comment

by:baasdr
ID: 1832357
Sure I'll try,

I want to be able to load the browsers' name and password environment variables for my domain.  The same way that they are loaded into the browser when a user types them in at the popup Login prompt of the browser.  When a user request a file that requires basic authentication, the browser first check for a name and password for that realm.  If the browser has it, it sends it back to the webserver.  If it does not have it it pops up a dialog and asks the user for one.  The browser also save it off for the next time.  If the webserver accepts that answer it will return the requseted page.  Otherwise it sends a reject and the process starts over.  
Before I send a user into a directory that needs authenication I would like send the browser a name and password to put in the environment space.  That way the user never types it in, sees it, even know it happened.  He just has access.
Now how I determine to do that in the first place is another issue, but I've worked that.

Hope that clears it up some.
Dennis
0
 

Author Comment

by:baasdr
ID: 1832358
The Apache 1.3.3 server is running under Solaris 2.5.1.
I can get info about the user already.  I'm trying to put a name and password into browsers' memory.  I don't think it can be done from client side (Java or Java script), but I've been wrong before.

It is not unreasonable to mod Apache to do it.  I'm just not sure it could be done from there and I'd rather not go that route, yet.

Thanks,
Dennis
0
Free Trending Threat Insights Every Day

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

 
LVL 7

Expert Comment

by:jconde
ID: 1832359
Ok, I get it!...thanx!

I don't think you're going to be able to get the password, but the user name is contained in an enviroment variable called AUTH_USER.

I'm going to re-check about the password and I'll get back to you.

Regards,

Jorge
0
 

Author Comment

by:baasdr
ID: 1832360
I don't want to get AUTH_USER/REMOTE_USER and AUTH_PASS(available from some servers).  That's not tough.
I want to set them back at the browser.  So the next CGI call they are what I set, not what the user typed.

Dennis
0
 

Author Comment

by:baasdr
ID: 1832361
Adjusted points to 140
0
 

Expert Comment

by:robert_mann
ID: 1832362
Just a quick comment but why would you need something like this?  Maybe there is another solution for the problem at hand.
0
 
LVL 11

Accepted Solution

by:
mouatts earned 140 total points
ID: 1832363
You can't do what you want because there is no mechanism for the browser to receieve the values even if you mod the server to send it.

What you want can be done but is done with certificates normally. Ie when an attempt is made to access your secure area the server issues a certficate request to the browser which if it has one returns it thus allowing you to allow access to the area.

Another alternative is to use digest security. This allows you to specify lists of IP addresses that are allowed or barred from accessing the directory. The main problem with this is that on the Internet IP masquarading will allow illegal access and if proxies are involved then you can't differentiate between different users coming through the same proxy.

One approach that will allow you to do this after a fashion is to direct someone to a secure are and once they have entered a username and password they are returned a cookie with some form of id and they are then redirected to the genuine secure area. This area which will have to consist of dynamic pages only then ensuers that the cookie is present on every request. On subsequent accesses because the cookie will still be present you can direct them to the pseudo secure area without going to the password protected one first.

HTH
    Steve
0
 

Author Comment

by:baasdr
ID: 1832364
I have been lead to believe that there is a mechanism in the browsers to set Login and Password.  I've been all throught the cookie and IP route.
0

Featured Post

IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

Suggested Solutions

Title # Comments Views Activity
Help on writing a script for check ndf file size 2 76
Python 2.7 - Passing arguments 8 48
Sed question 2 49
React or Angular? 5 0
Introduction This tutorial will give you a fast look what you can do with WhizBase. I expect you already know how to work with HTML at least, and that you understand the basics of the internet and how the internet works. WhizBase is a server-s…
Batch, VBS, and scripts in general are incredibly useful for repetitive tasks.  Some tasks can take a while to complete and it can be annoying to check back only to discover that your script finished 5 minutes ago.  Some scripts may complete nearly …
The viewer will learn how to look for a specific file type in a local or remote server directory using PHP.
The viewer will learn how to create and use a small PHP class to apply a watermark to an image. This video shows the viewer the setup for the PHP watermark as well as important coding language. Continue to Part 2 to learn the core code used in creat…

746 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now