auxone
08-20-2008, 08:56 PM
Hey guys. I was looking around for a solution to this, but it just hasn't hit me yet. I want to restrict access to certain directories (named after the user) on my server so that the user can only access their own directory. It's a long story, but the catch is they need to use only the GET method while still being authenticated by some means. Is there a way to securely transmit the username and password in the header of a HTTP GET? I have SSL and really I am using HTTPS, but I am still unsure if this can work or is secure.
I can get it to work with POST by transmitting the password as part of the body, and pairing it with the name of the directory, but GET doesn't have a body, and I imagine headers aren't encoded.
thanks.
I can get it to work with POST by transmitting the password as part of the body, and pairing it with the name of the directory, but GET doesn't have a body, and I imagine headers aren't encoded.
thanks.