Re: Invalid Syntax secured page cannot be displayed
- From: Thomas Nice/France <ThomasNiceFrance@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Tue, 11 Oct 2005 00:17:03 -0700
Thanks Bob, I got the idea. If undoing the restriction represents a real
security exposure I prefer not to install the user's workaround and ask the
ISP to rewrite that portion. In the meanwhile they actually had removed the
function from their menu and one needs to go directly to the secured pages
and use standard authentication there. Anyway your comment is of great help,
as they seem not to have been aware of the whole stuff before this.
--
Tom Cote d'Azur
"Robert Aldwinckle" wrote:
> "Thomas Nice/France" <ThomasNiceFrance@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
> news:B9537C92-E7E3-4D61-85A2-27CE5B1E61A4@xxxxxxxxxxxxxxxx
> > Hi,
> > posted this already in the windows update group because pbm arose after
> > Service Pack 2 upgrade installation, but no reply there.
> > I need to go to a secured page on mydomain.ext, which is hosted by my
> > provider inode.at . Prior to sp 2 the syntax
> > http://uid:pw@xxxxxxxxxxxx/mydirectory worked fine, now I get a syntax error
> > and the message that the page cannot be displayed.
>
>
> This syntax is invalid for http: URLs. It was an extension of ftp: syntax
> which was being supported by accident. That error was fixed by a security
> patch. However, I'm pretty sure a compatibility switch in the registry was
> provided to allow a transition to the changed functionality for people who
> were making use of the error....
>
> http://www.microsoft.com/technet/security/Bulletin/MS04-004.mspx
>
> (Google web search for
> inurl:technet compatibility http URL syntax password site:microsoft.com
> )
>
>
> links to
>
> <title>A security update is available that modifies the default behavior of
> Internet Explorer for handling user information in HTTP and in HTTPS URLs</title>
> http://support.microsoft.com/default.aspx?scid=kb;en-us;834489
>
> which contains the compatibility registry hacks which are available
> if a user finds them necessary.
>
> Have you tried using one of the registry hacks?
>
>
> HTH
>
> Robert Aldwinckle
> ---
>
>
> > (Also the uid:pw is
> > displayed in clear on the top, which isn't right to do.
> > The above syntax is generated by my provider and masked by a hyperlink which
> > he puts on the page after successful authentication checks performed by them
> > in their dialog pages (I guess these are form prompts, which they check
> > against their sql db). Usually after validation, clicking on the presented
> > link the requested secure pages opened in a new window, in order to access
> > my own secure pages that they host.
> > They keep telling me it's my problem because it used to work before, and it
> > still works elsewhere. Let alone that I don't think they went about very
> > smart by developing it this way.
> > It doesn't seem to me to be a pop-up blocking issue, nor cookie issue, nor
> > firewall issue. (I'm using Norman)
> >
> > I read articles 821814 and 834489 in the KB. They suggest Q831167 would
> > undo the behavior, that IE doesn't support above syntax, but this fix applies
> > to sp1 only, and there are some serious warnings about the whole stuff.
> > Could anybody explain to me please, what the hell is going on and What shall
> > I do other than going myself to ww.mydomain.ext/directory supplying id/pw
> > each time?
> > It didn't help to register mydomain.ext as an intranet domain or trusted
> > domain in privacy settings.
> > Thx in advance
> > --
> > Tom Cote d'Azur
> >
>
>
>
.
- References:
- Re: Invalid Syntax secured page cannot be displayed
- From: Robert Aldwinckle
- Re: Invalid Syntax secured page cannot be displayed
- Prev by Date: Re: Install W/O Internet Connection
- Next by Date: Re: Can't load form-fill, etc.
- Previous by thread: Re: Invalid Syntax secured page cannot be displayed
- Next by thread: Re: Install W/O Internet Connection
- Index(es):
Relevant Pages
|
