Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

Microsoft disables user:pass@server causing Invalid Syntax Error

Discussion in 'General Discussion' started by hostultra, Feb 9, 2004.

Page 1 of 2
  1. hostultra

    hostultra Well-Known Member

    Joined:
    Aug 21, 2002
    Messages:
    167
    Likes Received:
    0
    Trophy Points:
    166
    Just a notice to everyone
    Microsoft seems to have disabled the http://user:password@server.com/ thing in the latest patch for internet explorer.

    So if your login forms send your customers to an url like that they will get a invalid syntax error!

    It took me ages to track this problem down.
    Many customers were complaining to me about getting this error and could find no problem.
    Today I updated my own PC with windows update, downloaded the IE service pack patch and i noticed it.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #1 hostultra, Feb 9, 2004
  2. hostultra

    hostultra Well-Known Member

    Joined:
    Aug 21, 2002
    Messages:
    167
    Likes Received:
    0
    Trophy Points:
    166
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #2 hostultra, Feb 9, 2004
  3. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    16,309
    Likes Received:
    393
    Trophy Points:
    583
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    You can shut this off by adding a registry entry.

     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #3 Infopro, Feb 9, 2004
  4. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    16,309
    Likes Received:
    393
    Trophy Points:
    583
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    LOL, I posted 3 minutes too slow... ;)
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #4 Infopro, Feb 9, 2004
  5. hostultra

    hostultra Well-Known Member

    Joined:
    Aug 21, 2002
    Messages:
    167
    Likes Received:
    0
    Trophy Points:
    166
    Having customers edit a registry entry to login is not a good solution.

    Is there any other way to redirect the browser into cpanel without asking for user/pass other then this method which doesnt work by default anymore.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #5 hostultra, Feb 9, 2004
  6. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    16,309
    Likes Received:
    393
    Trophy Points:
    583
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    Well its a security measure that I don't think the average user should skirt around. But if you wanted to help out your users I guess you could whip up a few registry patches and offer them to your clients. Of course you'll need to make one for each version of windows.

    I don't see a way to "re direct" anyone as there's no page there to add a redirect to.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #6 Infopro, Feb 9, 2004
  7. hostultra

    hostultra Well-Known Member

    Joined:
    Aug 21, 2002
    Messages:
    167
    Likes Received:
    0
    Trophy Points:
    166
    No i dont think you understand.
    I dont want my users to have to download a registry patch.
    I want it to work by itself, the way it did before microsoft screwed with it.

    Is there another way to send in the username/password, like a javascript or URL trick other then http://user:pass@
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #7 hostultra, Feb 9, 2004
  8. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    16,309
    Likes Received:
    393
    Trophy Points:
    583
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    I understood you the first time. The answer is no.
    Tell them to use https and type in the password every time. We are talking security here. There is no easy way around being safe. (other than editing the registry)
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #8 Infopro, Feb 9, 2004
  9. hostultra

    hostultra Well-Known Member

    Joined:
    Aug 21, 2002
    Messages:
    167
    Likes Received:
    0
    Trophy Points:
    166
    I have multiple servers with a login on my site.
    The login form redirects them to their cpanel for the appropriate server, without using user:pass@server it means the user will have to enter their username and password twice.
    Once to find which server he is on, and another to login to the cpanel.

    I cant belive microsoft would remove such a useful function just because a few people abused it for spoof sites.
    At least a warning message would be better then disabling it completely.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #9 hostultra, Feb 9, 2004
  10. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    16,309
    Likes Received:
    393
    Trophy Points:
    583
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    Your password should never be in plain view of anyone. This is a given.
    Before, when you could login this way, your username and password were viewable on the bottom of your browser. So it's more than just some spoofed URLs.

    Just change the login to a URL to get to the https URL and they can click that and login, it's not that tough..
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #10 Infopro, Feb 9, 2004
  11. hostultra

    hostultra Well-Known Member

    Joined:
    Aug 21, 2002
    Messages:
    167
    Likes Received:
    0
    Trophy Points:
    166
    I created a work around :

    <img border="0" width="0" height="0" src="http://user:pass@server.com:2082/frontend/x/branding/top_01-sm_bg.gif">
    <script language="JavaScript">self.location.href='http://server.com:2082/';</script>
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #11 hostultra, Feb 9, 2004
  12. goodmove

    goodmove Well-Known Member

    Joined:
    May 12, 2003
    Messages:
    623
    Likes Received:
    1
    Trophy Points:
    168
    Do you mean https://user-pass@ works with the IE update?
     
    #12 goodmove, Feb 12, 2004
  13. hostultra

    hostultra Well-Known Member

    Joined:
    Aug 21, 2002
    Messages:
    167
    Likes Received:
    0
    Trophy Points:
    166
    no it doesnt.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #13 hostultra, Feb 12, 2004
  14. TogaDave

    TogaDave Well-Known Member

    Joined:
    Apr 13, 2003
    Messages:
    135
    Likes Received:
    0
    Trophy Points:
    166
    Just got my first customer support ticket about this this morning. Just what I wanted to do today, sit around explaining to users why they get a syntax error when they try to check webmail from within cpanel... the fun never ends LOL!
     
    #14 TogaDave, Feb 13, 2004
  15. osfdeath

    osfdeath Well-Known Member

    Joined:
    Aug 29, 2003
    Messages:
    144
    Likes Received:
    0
    Trophy Points:
    166


    That does not work - login dialog box still appears
     
    #15 osfdeath, Feb 13, 2004
  16. casey

    casey Well-Known Member

    Joined:
    Jan 17, 2003
    Messages:
    2,303
    Likes Received:
    0
    Trophy Points:
    191
    It looks like Nick is working on it, too:

     
    #16 casey, Feb 23, 2004
  17. Dr. Bogger

    Dr. Bogger Well-Known Member

    Joined:
    Dec 21, 2003
    Messages:
    95
    Likes Received:
    0
    Trophy Points:
    156
    Is this feature available yet? if so, how do you make it work? lol.

    I dont know too much about cookies yet lol.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #17 Dr. Bogger, Feb 23, 2004
  18. XPerties

    XPerties Well-Known Member

    Joined:
    Apr 10, 2003
    Messages:
    401
    Likes Received:
    0
    Trophy Points:
    166
    Location:
    New Jersey, USA
    For those who use https://root:PASSWORD@IP:2083 and have downloaded the latest IE fix from MS you will notice it no longer works. You get an syntax error. Here is the fix to remove the block.


    Copy and paste this into a text file:

    save the text file as:

    Enable username&password in IE.reg

    then click on the file, and choose yes to import it into your registry. This will disable the MS update.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #18 XPerties, Feb 25, 2004
  19. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    16,309
    Likes Received:
    393
    Trophy Points:
    583
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    I think I posted that in the beginning of this thread.. ;)
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #19 Infopro, Feb 25, 2004
  20. hostultra

    hostultra Well-Known Member

    Joined:
    Aug 21, 2002
    Messages:
    167
    Likes Received:
    0
    Trophy Points:
    166
    The login box will appear on those which have the microsoft patch, but will not appear if they do not have the patch.

    it just avoids the horrible syntax error.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #20 hostultra, Feb 25, 2004
(You must log in or sign up to post here.)
Page 1 of 2
Loading...
Similar Threads - Microsoft disables user
  1. jlord87

    Setup DNS for Microsoft Active Directory

    jlord87, Jul 21, 2017, in forum: Bind/DNS/Nameserver
    Replies:
    2
    Views:
    463
    24x7server
    Jul 23, 2017
  2. prastyo

    Cannot receive email from Microsoft mail server

    prastyo, Jun 16, 2017, in forum: E-mail Discussion
    Replies:
    3
    Views:
    446
    cPanelMichael
    Jun 19, 2017
  3. Oleg Vasilyev

    Email marked as SPAM by Google and Microsoft

    Oleg Vasilyev, Oct 4, 2016, in forum: E-mail Discussion
    Replies:
    2
    Views:
    1,197
    cPanelMichael
    Oct 6, 2016

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...
    Dismiss Notice