是否有可能在Internet Explorer中启用HTTP基本身份验证？ [英] Is it possible to enable HTTP basic authentication in Internet Explorer?

问题描述

一个URL，如的http：//用户名：password@example.com/ 在Internet Explorer中不起作用，作为Microsoft知识库文章中解释的 Internet Explorer不以网站地址支持用户名和密码。我不能找到这个合适的解决方法。我想一个HTML文件，它工作在只是一个简单的链接。

A URL such as http://username:password@example.com/ does not work in Internet Explorer, as explained in the Microsoft Knowledgebase article "Internet Explorer does not support user names and passwords in Web site addresses". I can’t find a proper workaround for this. I want just a simple link in a HTML document which works.

我们有一个网站，有相当安全的基于cookie的登录。我们有标准的统计数据包（Webalizer的和AWStats软件），它使用HTTP认证。我想给网站管理员的快速链接到统计数据。链接，其中包括密码，将只提供给管理员一个记录。这也极大的安全隐患。

We have a website, with fairly secure cookie-based login. We have standard stats packages (Webalizer and AWStats) which use HTTP authentication. I want to give the administrator of the site a quick link to the stats. The link, which includes the password, will be available only to a logged in administrator. It’s no great security risk.

推荐答案

用户名：password@example.com结构中移除了作为安全功能。以纯文本格式存储密码是一个坏主意，开始时，这种形式的URL是的常用的攻击对网络钓鱼攻击向量。您链接到列表中的文章一些变通......你能不能只是提示用户输入密码？

The username:password@example.com construct was removed as a security feature. Storing passwords in plain text is a bad idea to start with, and this form of the url was a frequently used attack vector for phishing attacks. The article you link to lists some work-arounds... can you not just prompt the user to enter a password?

如果你提供有关你在做什么多一点细节，很可能更好的解决方案可能会被发现。

If you give a little more details about what you're doing, it's possible a better solution may be found.

这篇关于是否有可能在Internet Explorer中启用HTTP基本身份验证？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！