No, it's not an ActiveX component; it is a feature (or MS-specific hack-over-headers) that has been built into IE for a while, and used primarily for intranet sites built using IIS. The server has to explicitly tell the browser that it will accept NTLM authentication sent via HTTP headers. See my previous message for more details.

I agree, this is a security risk, and somewhat pointless when you consider that browsers have 'save-a-password' features for Basic Auth anyway... Then again, perhaps that is as much of a security risk.

If you are really paranoid, you will implement cookie-based auth (not basic or NTLM) with server-based timeout/expirations of credentials associated with a session cookie, since not everyone locks their workstation when they leave their desk...

Sean

-----Original Message-----
From: Joel Burton [mailto:joel@joelburton.com]
Sent: Friday, March 08, 2002 8:58 AM
To: Andy McKay
Cc: zope@zope.org
Subject: Re: [Zope] Auto-Login from MS Domain

On Fri, 8 Mar 2002, Andy McKay wrote:
Doesn't XUF have some way of auth'ing from a Windows domain? I don't know if you can auto login to a site by magically requesting the network login, sounds like it would be a bit of a security risk...

No doubt there's some ActiveX component which runs only on IE v >=6.0004 that will do this, and, yes, no doubt it's a security risk. ;-)

--
Joel BURTON | joel@joelburton.com | joelburton.com | aim: wjoelburton
Independent Knowledge Management Consultant

_______________________________________________
Zope maillist - Zope@zope.org
http://lists.zope.org/mailman/listinfo/zope
** No cross posts or HTML encoding! **
(Related lists -
 http://lists.zope.org/mailman/listinfo/zope-announce
 http://lists.zope.org/mailman/listinfo/zope-dev )
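
The cookie-based scheme suggested in the reply above, sketched as an added example that is not part of the original messages or of Zope: the cookie carries only a random token, and the server decides when the session has expired. The class name, the `sid` cookie name and both timeout values are assumptions chosen for illustration.

```python
import secrets
import time

IDLE_TIMEOUT = 15 * 60        # assumed: seconds of inactivity before the session dies
ABSOLUTE_LIFETIME = 8 * 3600  # assumed: hard cap on a session's age, active or not


class SessionStore:
    """Server-side session table; the browser never holds the credentials."""

    def __init__(self, clock=time.time):
        self._clock = clock   # injectable so expiry can be tested without sleeping
        self._sessions = {}   # token -> (user, created_at, last_seen)

    def login(self, user):
        """Call only after the password was checked by the login form."""
        token = secrets.token_urlsafe(32)  # unguessable, carries no user data
        now = self._clock()
        self._sessions[token] = (user, now, now)
        # Sent as: Set-Cookie: sid=<token>; Secure; HttpOnly (no Expires/Max-Age)
        return token

    def authenticate(self, token):
        """Return the user for a live session, or None if unknown or expired."""
        entry = self._sessions.get(token)
        if entry is None:
            return None
        user, created, last_seen = entry
        now = self._clock()
        idle_expired = now - last_seen > IDLE_TIMEOUT
        too_old = now - created > ABSOLUTE_LIFETIME
        if idle_expired or too_old:
            # Expiry is enforced here, so an unattended browser that still
            # holds the cookie gets nothing once the timeout has passed.
            del self._sessions[token]
            return None
        self._sessions[token] = (user, created, now)  # slide the idle window
        return user

    def logout(self, token):
        self._sessions.pop(token, None)
```

Unlike Basic or NTLM credentials, which the browser resends automatically for as long as it runs, the token stops working the moment the server drops its table entry.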