Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Computing > NZ Computing > Firefox and IIS

Reply
Thread Tools

Firefox and IIS

 
 
SchoolTech
Guest
Posts: n/a
 
      02-20-2006
FF 1.5 for Windows doesn't appear to support Integrated Windows
Authentication (NTLM). That is, when a site asks for it, FF instead pops
up the username/password dialog, when it is supposed to transmit the
user's login name directly back to the server.

Has anyone else encountered this or are there any fixes planned.
 
Reply With Quote
 
 
 
 
A Nice Cup of Tea
Guest
Posts: n/a
 
      02-20-2006
On Tue, 21 Feb 2006 09:27:54 +1300, SchoolTech wrote:

> FF 1.5 for Windows doesn't appear to support Integrated Windows
> Authentication (NTLM). That is, when a site asks for it, FF instead pops
> up the username/password dialog, when it is supposed to transmit the
> user's login name directly back to the server.
>
> Has anyone else encountered this or are there any fixes planned.


Why fix something that isn't broken?


A Nice Cup of Tea

--
Buffer overflow attacks. By flooding a program with too much data, a hacker
can track and manipulate the overflow and trick the system into following his
instructions as if he were the sysadmin. The technique has been known for
decades, yet Microsoft still hasn't come up with a way to defend against it.

 
Reply With Quote
 
 
 
 
Fred Dagg
Guest
Posts: n/a
 
      02-20-2006
On Tue, 21 Feb 2006 09:27:54 +1300, SchoolTech
<(E-Mail Removed)> exclaimed:

>FF 1.5 for Windows doesn't appear to support Integrated Windows
>Authentication (NTLM). That is, when a site asks for it, FF instead pops
>up the username/password dialog, when it is supposed to transmit the
>user's login name directly back to the server.
>
>Has anyone else encountered this or are there any fixes planned.


You're half correct. Firefox DOES support NTLM authentication, however
does require you to enter your username and password.

Only IE supports fully integrated NTLM authentication.

Note that Opera does not support NTLM in any way, shape, or form, so
Firefox's approach is better than nothing.

What are you accessing? In many cases (eg sharepoint, etc), you really
need to use IE to get the most out of it, anyway.
 
Reply With Quote
 
Stuart
Guest
Posts: n/a
 
      02-21-2006
"SchoolTech" <(E-Mail Removed)> wrote in message
news:43fa2625$(E-Mail Removed)...
> FF 1.5 for Windows doesn't appear to support Integrated Windows
> Authentication (NTLM). That is, when a site asks for it, FF instead pops
> up the username/password dialog, when it is supposed to transmit the
> user's login name directly back to the server.
>
> Has anyone else encountered this or are there any fixes planned.


You can do this in FF. Go to about:config (type it in the address bar), and
filter the properties by "ntlm". Change
network.automatic-ntlm-auth.trusted-uris to include every URL you want NTLM
to be enabled for.

Stuart


 
Reply With Quote
 
Nathan Mercer
Guest
Posts: n/a
 
      02-21-2006
A Nice Cup of Tea wrote:
> Why fix something that isn't broken?
>
>
> A Nice Cup of Tea
>
> --
> Buffer overflow attacks. By flooding a program with too much data, a hacker
> can track and manipulate the overflow and trick the system into following his
> instructions as if he were the sysadmin. The technique has been known for
> decades, yet Microsoft still hasn't come up with a way to defend against it.


Have any general purpose Operating Systems come up with a way to defend
against Buffer Overflows? yet?

 
Reply With Quote
 
Fred Dagg
Guest
Posts: n/a
 
      02-21-2006
On 21 Feb 2006 03:53:44 -0800, "Nathan Mercer" <(E-Mail Removed)>
exclaimed:

>A Nice Cup of Tea wrote:
>> Why fix something that isn't broken?
>>
>>
>> A Nice Cup of Tea
>>
>> --
>> Buffer overflow attacks. By flooding a program with too much data, a hacker
>> can track and manipulate the overflow and trick the system into following his
>> instructions as if he were the sysadmin. The technique has been known for
>> decades, yet Microsoft still hasn't come up with a way to defend against it.

>
>Have any general purpose Operating Systems come up with a way to defend
>against Buffer Overflows? yet?


Don't try to confuse him with facts, Nathan!
 
Reply With Quote
 
SchoolTech
Guest
Posts: n/a
 
      02-21-2006
A Nice Cup of Tea wrote:
> On Tue, 21 Feb 2006 09:27:54 +1300, SchoolTech wrote:
>
>> FF 1.5 for Windows doesn't appear to support Integrated Windows
>> Authentication (NTLM). That is, when a site asks for it, FF instead pops
>> up the username/password dialog, when it is supposed to transmit the
>> user's login name directly back to the server.
>>
>> Has anyone else encountered this or are there any fixes planned.

>
> Why fix something that isn't broken?


It is broken. The browser sends the wrong header back to the server,
which can't authenticate the request.
 
Reply With Quote
 
SchoolTech
Guest
Posts: n/a
 
      02-21-2006
Nathan Mercer wrote:
> A Nice Cup of Tea wrote:
>> Why fix something that isn't broken?
>>
>>
>> A Nice Cup of Tea
>>
>> --
>> Buffer overflow attacks. By flooding a program with too much data, a hacker
>> can track and manipulate the overflow and trick the system into following his
>> instructions as if he were the sysadmin. The technique has been known for
>> decades, yet Microsoft still hasn't come up with a way to defend against it.

>
> Have any general purpose Operating Systems come up with a way to defend
> against Buffer Overflows? yet?
>


It is not a function of the operating system. It is a function of the
programming language used. C doesn't contain built in type length
checking, so if the programmer doesn't implement such checks, buffer
overruns can occur.

Buffer overruns have also been found in Mozilla software.

 
Reply With Quote
 
SchoolTech
Guest
Posts: n/a
 
      02-21-2006
Fred Dagg wrote:
> On Tue, 21 Feb 2006 09:27:54 +1300, SchoolTech
> <(E-Mail Removed)> exclaimed:
>
>> FF 1.5 for Windows doesn't appear to support Integrated Windows
>> Authentication (NTLM). That is, when a site asks for it, FF instead pops
>> up the username/password dialog, when it is supposed to transmit the
>> user's login name directly back to the server.
>>
>> Has anyone else encountered this or are there any fixes planned.

>
> You're half correct. Firefox DOES support NTLM authentication, however
> does require you to enter your username and password.
>
> Only IE supports fully integrated NTLM authentication.
>
> Note that Opera does not support NTLM in any way, shape, or form, so
> Firefox's approach is better than nothing.
>
> What are you accessing? In many cases (eg sharepoint, etc), you really
> need to use IE to get the most out of it, anyway.


Yeah I guess this work PC will have IE7 beta put on it.
 
Reply With Quote
 
A Nice Cup of Tea
Guest
Posts: n/a
 
      02-22-2006
On Wed, 22 Feb 2006 11:33:33 +1300, SchoolTech wrote:

>>> Has anyone else encountered this or are there any fixes planned.

>>
>> Why fix something that isn't broken?

>
> It is broken. The browser sends the wrong header back to the server, which
> can't authenticate the request.


It... is... not... "broken". Try configuring it correctly.


A Nice Cup of Tea

--
A: because it messes up threading
Q: why should I not reply by top-posting?
A: No.
Q: Should I include quotations after my reply?

 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
developing on IIS V5.1 hosted on WinXP pro and deploying on IIS 6.0 win2k3 qustion Smith ASP .Net 2 04-27-2009 09:53 AM
about IIS 6 and IIS 7 Tony Johansson ASP .Net 2 11-13-2008 02:51 AM
Difference between IIS 5.0 Isolation Mode and IIS 6.0 WP Mode cedric ASP .Net Web Services 0 12-29-2005 09:56 AM
IIS 6.0 win2003, IIS users moe_rodrigue MCSE 1 04-01-2004 07:37 AM
IIS/Tomcat 4 Admin and Manager - Can't Connect from IIS Emile Coetzee Java 0 01-12-2004 11:01 AM



Advertisments