Rick:
> Hi All. I have installed OSCPMWin 0.4.1.683 and SSL 0.9.6k and
> can connect successfully to oscpm1_upload.php with my browser.
> Using OSCPMWin however, an ERROR 100 is the result. The person
> who runs this - external - site (to which I have limited access)
> has looked into it and says that this is because the (https) site is
> protected with a userid and password and OSCPMWin does not
> support that. Does anyone know of a patch that allows me to specificy
> (hard coded if necessary) the userid and password for the site
> IN ADDITION to those for the database?
Hi. Currently, there is no way to specify a HTTP Basic Authentication password and username to access the server-side script. It can be done. I will add it soon. (In my bugtracker this issue is
Bug #348).
You have said that you have not control over the server, so this note is for anybody else who may be thinking on setting HTTP authentication on the server-side script. Adding HTTP Basic authentication to access the server-side script does not provide more security to the script, as the HTTP username and password are really sent in clear text and the OSCPMWin authentication data is sent encrypted. Even HTTP Digest authentication is not better, as the server-side script authentication is similar (it may be slightly better, as the nonce is set by the server, and in the OSCPMWin application is set by the client). However, HTTP Basic authentication over SSL (as you do) is better (but redundant for the oscpm1_upload script).
Regards,
Mario A. Valdez-Ramirez.
Login
FAQ
Search
