Security Basics mailing list archives

Re: Re[2]: Insecure handling of Apache restrictions?

From: Mike Arnold <mike () midkaemia fsnet co uk>
Date: Wed, 16 Oct 2002 00:24:27 +0100

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Tuesday 15 Oct 2002 5:45 pm, BenoÃ®t Gauthier wrote:

(2002.10.15, 12:44)

Why? How can I circumvent this behaviour?


Possibly by doing this.

<Directory /home/user/public_html/>
AuthType Basic
AuthName "Please enter your user id and password."
AuthDBUserFile /home/user/public_html/controle
Require valid-user
</Directory>


That would control access to all of http://blabla.ca/~user though,
would it not?


Uhmm, yes. I'll have to rethink that one. Just re-read the original and seen 
the bit I've missed. Interesting question. Unfortunately I have "broken" my 
apache... so I can't check :( Sorry.

BenoÃ®t


Mike

- -- 
        By three methods we may learn wisdom: 
                First, by reflection, which is noblest; 
                Second, by imitation, which is easiest; 
                and third by experience, which is the bitterest. 

                        --Confucius 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE9rKO18EqADYNpcNQRAjSUAJsGKsNudMlx5wsxIUGrsRAZWbb2nQCfU99u
mKuNM74P42Rrg9wHNIotHpY=
=kU+d
-----END PGP SIGNATURE-----

Current thread:

Re: Insecure handling of Apache restrictions? Eimantas V (Oct 15)
- Re[2]: Insecure handling of Apache restrictions? Benoît (Oct 16)
- <Possible follow-ups>
- Re: Insecure handling of Apache restrictions? Mike Arnold (Oct 15)
  - Re[2]: Insecure handling of Apache restrictions? Benoît (Oct 16)
    - Re: Re[2]: Insecure handling of Apache restrictions? Mike Arnold (Oct 16)
- Re: Insecure handling of Apache restrictions? White Vampire (Oct 16)
- Re: Insecure handling of Apache restrictions? Stewart (Oct 17)
  - Re: Insecure handling of Apache restrictions? White Vampire (Oct 17)