Security Basics mailing list archives
RE: Web Authentication
From: "Kamran Iqbal" <kamran.iqbal () willaf com>
Date: Mon, 31 Jul 2006 17:24:44 +0100
Hi,

The given below link might help you.

http://sniptools.com/tutorials/windows-apache-and-htaccess-authentication

Regards,
Kami

-----Original Message-----
From: pimp mastermind [mailto:gbchustla () gmail com]
Sent: 31 July 2006 17:16
To: Florian Streck
Cc: security-basics () securityfocus com
Subject: Re: Web Authentication

Hi there... do you know some software or exploit or whatever which can make a brute force attack to htaccess? I just want to see how it works or if there is some web site with more detailed information about this kind of attack (brute force) ...actually I know how it works when you try to compromise some workstation but I never knew how it works with htaccess.

Thanks all

On 7/27/06, Florian Streck <streck () papafloh de> wrote:
> On Mon, Jul 24, 2006 at 10:54:46AM +0300, Maxim Kostyukov wrote:
>> What exactly you want to achieve by doing "better web authentication"?
>> In your case, what are those weaknesses with htpasswd scheme?
>
> Well the problem with htaccess is that there is no mechanism that checks for the number of trials or failures. So you can brute-force your way in.
>
>> I am asking because it is almost impossible to answer your question without additional info.
>>
>> ----- Original Message -----
>> From: "pimp mastermind" <gbchustla () gmail com>
>> To: <security-basics () securityfocus com>
>> Sent: Thursday, July 20, 2006 7:36 AM
>> Subject: Web Authentication
>>
>>> I have Slackware 10.1 running. I am using it as a router and fileserver. I use Apache 1.3 for web access. I have some web directories which I want to secure more strongly than with htpasswd but I don't know any other ways of authentication. Also a lot of my scripts in those directories are written in PHP, Perl and CGI scripting.
>>> I need to find a better way of authentication. Does anyone know any better way of authentication? Thank you all in advance for your help
>
> You could for example write a script that checks the logfiles for failed access attempts and if there are too many restrict the access permissions for the directories. Otherwise you have to use scripts that provide the content of the directories.
---------------------------------------------------------------------------
This list is sponsored by: Norwich University

EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic Excellence in Information Security. Our program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Using interactive e-Learning technology, you can earn this esteemed degree, without disrupting your career or home life.

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------
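Added example, not part of the original thread: a sketch of the log-checking script Florian Streck suggests, counting rejected Basic-auth logins per client in a sliding time window. It assumes an Apache access log in Common Log Format; the function name, the threshold, the window and the sample log lines are all constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Common Log Format: host ident user [time] "request" status bytes
CLF = re.compile(r'^(\S+) \S+ (\S+) \[([^\]]+)\] "[^"]*" (\d{3}) \S+')

def failed_auth_offenders(lines, threshold=5, window=timedelta(minutes=1)):
    """Map client -> peak number of rejected logins seen inside any `window`,
    for clients whose peak reaches `threshold` (both values are assumptions)."""
    recent = defaultdict(deque)  # client -> timestamps of recent failures
    peak = defaultdict(int)
    for line in lines:
        m = CLF.match(line)
        if not m:
            continue  # ignore malformed lines rather than abort the scan
        host, user, stamp, status = m.groups()
        # A 401 with user "-" is only the first, credential-less request that
        # triggers the password prompt; a 401 with a user name is a rejection.
        if status != "401" or user == "-":
            continue
        ts = datetime.strptime(stamp, "%d/%b/%Y:%H:%M:%S %z")
        q = recent[host]
        q.append(ts)
        while ts - q[0] > window:  # drop failures older than the window
            q.popleft()
        peak[host] = max(peak[host], len(q))
    return {h: n for h, n in peak.items() if n >= threshold}

def _line(host, user, sec, status):
    """Build one constructed log line `sec` seconds after a fixed start."""
    t = datetime(2006, 7, 31, 10, 0, 0, tzinfo=timezone.utc) + timedelta(seconds=sec)
    return '%s - %s [%s] "GET /private/ HTTP/1.0" %d 0' % (
        host, user, t.strftime("%d/%b/%Y:%H:%M:%S %z"), status)

# Constructed sample log (documentation addresses, not real traffic).
SAMPLE_LOG = (
    [_line("192.0.2.10", "-", 0, 401),       # password prompt
     _line("192.0.2.10", "alice", 5, 401),   # one mistyped password
     _line("192.0.2.10", "alice", 9, 200)]   # then a normal login
    + [_line("198.51.100.7", "admin", 20 + 2 * i, 401) for i in range(6)]
    + [_line("203.0.113.5", "admin", 120 * i, 401) for i in range(5)]
    + ["not a log line"]
)

if __name__ == "__main__":
    print(failed_auth_offenders(SAMPLE_LOG))
    print(failed_auth_offenders(SAMPLE_LOG, window=timedelta(hours=1)))
```

With the one-minute window only the rapid client is reported; the client that spaces its failures two minutes apart shows up once the window is widened to an hour, so the window has to be chosen with slow guessing in mind.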
Current thread:
- Web Authentication pimp mastermind (Jul 21)
- Re: Web Authentication Nick Owen (Jul 21)
- Re: Web Authentication Maxim Kostyukov (Jul 24)
- Re: Web Authentication Florian Streck (Jul 27)
- Re: Web Authentication pimp mastermind (Jul 31)
- Re: Web Authentication Florian Streck (Jul 31)
- Re: Web Authentication Florian Streck (Jul 27)
- Re: Web Authentication Emilio Casbas (Jul 28)
- <Possible follow-ups>
- RE: Web Authentication Kamran Iqbal (Jul 31)