Re: KB 834489 - workarround

From: David Wang [Msft] (someone_at_online.microsoft.com)
Date: 08/21/05

• Next message: Ran Davidovitz: "Re: KB 834489 - workarround"
• Previous message: Miha Pihler [MVP]: "Re: OMA/OWA password masking"
• In reply to: Ran Davidovitz: "KB 834489 - workarround"
• Next in thread: Ran Davidovitz: "Re: KB 834489 - workarround"
• Reply: Ran Davidovitz: "Re: KB 834489 - workarround"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Date: Sat, 20 Aug 2005 21:28:56 -0700

Can you clarify what is confusing you from KB834489

I don't know how your authentication is configured and why your customer is
passing username/password using the URL, so I cannot make a recommendation
on how you can "support this issue (without updating the client side
registry)".

Why are the workarounds from the KB insufficient? Why can't your user just
type in username/password when prompted instead of having to type it into
the URL request itself?

-- 
//David
IIS
http://blogs.msdn.com/David.Wang
This posting is provided "AS IS" with no warranties, and confers no rights.
//
"Ran Davidovitz" <RanDavidovitz@discussions.microsoft.com> wrote in message
news:A23D4555-1DCF-4D83-A165-FD8C9569599A@microsoft.com...
Hi.
I have a customer that until today passed his username / password using the
URL (using basic authentication).
After reading KB 834489 I see that this behavior is not supported any more.
I dont understand what is the workarround described in KB 834489.
I want to know if there is another way that i can support this issue
(without updating the client side registry).
* what ever solution i will do I must support intergrated security also.

---

• Next message: Ran Davidovitz: "Re: KB 834489 - workarround"
• Previous message: Miha Pihler [MVP]: "Re: OMA/OWA password masking"
• In reply to: Ran Davidovitz: "KB 834489 - workarround"
• Next in thread: Ran Davidovitz: "Re: KB 834489 - workarround"
• Reply: Ran Davidovitz: "Re: KB 834489 - workarround"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages Re: KB 834489 - workarround ... Internet-facing website uses Basic+SSL ... Our customer has a broadvision portal on the internet and he would like his ... > The customer used basic authentication, ... >> on how you can "support this issue (without updating the client side ... (microsoft.public.inetserver.iis.security) Re: KB 834489 - workarround ... The customer used basic authentication, ... > passing username/password using the URL, so I cannot make a recommendation ... > * what ever solution i will do I must support intergrated security also. ... (microsoft.public.inetserver.iis.security) RE: prompted for username, password on iis5 running xp pro ... >Server will negociated an authentication method. ... >an valid username/password, the username/password box ... >the web server will send the content to the client. ... >the Web Server in Windows 2000 Server and Windows XP Pro ... (microsoft.public.inetserver.iis.security) Re: password cracker for PCAnywhere and VNC (RFB 003.008) ... Does anyone know of good username/password lists for dictionary attack? ... customer to get a list of possible usernames. ... Learn how Cisco NetFlow enables cost-effective security across distributed enterprise networks. ... StealthWatch, the veteran Network Behavior Analysis and Response solution, leverages Cisco NetFlow to provide scalable, internal network security. ... (Pen-Test) Re: Pass username and password instead of userprompt ... I do not think it is possible with VB; you'd need a custom web browser since ... This is why I say you should re-think your custom authentication scheme. ... What you are doing is analogous to printing out the username/password on the ... (microsoft.public.inetserver.iis.security)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Newsgroups  > microsoft.public.inetserver.iis.security  > 2005-08