Re: display logged in USER in textbox ?
- From: gordonb.f4fda@xxxxxxxxxxx (Gordon Burditt)
- Date: Thu, 08 Nov 2007 00:08:07 -0000
>> What arguments does such an NTLM request require?

> to make it simple:
> server tells the browser: you need to authenticate using NTLM, valid
> user is required. then browser sends the server id of a user.

What *browsers* do that? If a browser does that when talking over
the Internet, especially without asking for confirmation, I consider
it a serious security hole. If the user is asked to enter a valid
user name, it rather defeats the purpose of not having to log in
for the web page after you've already logged in on the workstation.
And since anything that comes from a browser is easily faked, it
seems to make pretending to be someone else fairly easy. All I
have to do is get that magic number. I think for that all I have
to do is find a file that he owns that I can look at the permissions
on, which might be easy to find on a shared volume.

> something like:
> S-1-5-21-3127170830-3942366122-3349335812-41005
> now it is web server's role to do something with it.
> in most corporate environments - use ldap call to get real name

>> Suppose: there are several people logged in on various machines
>> on the local network. There are several people logged in on the
>> same machine as user who's making the HTTP request (possible with
>> terminal server or remote desktop on a Windows machine). What
>> information does the HTTP server have to tell which user made the
>> request?

> the one who owns the task running web browser. the one that
> started web browser, of course

Unless, of course, the web browser LIES.
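
Added example (not part of the thread and not code from either poster): a Python decoder for the last message a browser sends in an NTLM-over-HTTP handshake, the base64 "type 3" message in the Authorization header, showing which fields carry the claimed identity. The field offsets follow the published MS-NLMP layout; build_sample, the cp437 fallback and the names CORP, alice and WS01 are assumptions constructed for the demonstration.

```python
import base64
import struct

NTLMSSP_NEGOTIATE_UNICODE = 0x00000001  # flag bit: strings are UTF-16LE


def _field(msg, pos):
    """Follow a (length, max length, offset) descriptor to its bytes."""
    length, _maxlen, offset = struct.unpack_from("<HHI", msg, pos)
    if offset + length > len(msg):
        raise ValueError("field points outside the message")
    return msg[offset:offset + length]


def parse_ntlm_authenticate(header_value):
    """Decode the claimed identity from an 'NTLM <base64>' header value."""
    scheme, _, blob = header_value.partition(" ")
    if scheme != "NTLM":
        raise ValueError("not an NTLM header")
    msg = base64.b64decode(blob, validate=True)
    if len(msg) < 64 or msg[:8] != b"NTLMSSP\x00":
        raise ValueError("not an NTLMSSP message")
    (msg_type,) = struct.unpack_from("<I", msg, 8)
    if msg_type != 3:
        raise ValueError("expected a type 3 (authenticate) message")
    (flags,) = struct.unpack_from("<I", msg, 60)
    # OEM code page is not known from the message; cp437 is an assumption.
    enc = "utf-16-le" if flags & NTLMSSP_NEGOTIATE_UNICODE else "cp437"
    return {
        "domain": _field(msg, 28).decode(enc),
        "user": _field(msg, 36).decode(enc),
        "workstation": _field(msg, 44).decode(enc),
        "nt_response": _field(msg, 20),
        # The names above are client-supplied claims. They count only after
        # the NT response is validated against the challenge this server
        # issued (normally delegated to the domain controller).
        "verified": False,
    }


def build_sample(domain, user, workstation, nt_response=b"\x00" * 24):
    """Constructed type 3 message for the demo; the NT response is dummy bytes."""
    parts = [b"", nt_response, domain.encode("utf-16-le"),
             user.encode("utf-16-le"), workstation.encode("utf-16-le"), b""]
    descriptors, payload = b"", b""
    for p in parts:  # LM, NT, domain, user, workstation, session key
        descriptors += struct.pack("<HHI", len(p), len(p), 64 + len(payload))
        payload += p
    msg = (b"NTLMSSP\x00" + struct.pack("<I", 3) + descriptors
           + struct.pack("<I", NTLMSSP_NEGOTIATE_UNICODE) + payload)
    return "NTLM " + base64.b64encode(msg).decode("ascii")
```

A server-side log or access check should record the decoded name only together with the outcome of validating the NT response, never the name on its own.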