WebApp Sec mailing list archives
Re: htaccess with apache
From: Vladimir Danilyuk <lt () lordtime com>
Date: Tue, 4 Nov 2003 15:11:11 +0200
Hans, Tuesday, November 4, 2003, 12:43:41 PM, you wrote: HM> Hi list HM> I've got a little question. HM> I've got a mail from someone that my Webserver (Apache 1.3.20)is not HM> secure. In the Mail he attached the files .htaccess und passwd HM> which are really from my Web-Server. HM> I've got some simple cgi-Scripts on my server and he said HM> he used one of them (XXXXXX.ziel.cgi?template=maske1.html.....) HM> to get the files. I thought a Directory secured with mod_access HM> cannot be read/accessed without the proper password. HM> Unfortunately the guy is not answering to my eMails HM> and I want to secure my Webserver. Even if he just read HM> the Files (Tripwire didn't show any changes), and didn't HM> wrote something to the server. HM> How is it possible to read the files secured with mod_access HM> with a cgi script? Of course this is possible since script is reading your files using OS calls. Apache modules cannot control file access if actual access to them is made from script or any other application HM> Thanks to all an sorry for my funny HM> English HM> Hans ------------------------------------------------------------- Vladimir Danilyuk http://lordtime.com ICQ: 44562019, 44726644 http://internetvibes.net mailto:lt () lordtime com -------------------------------------------------------------
Current thread:
- Re: htaccess with apache, (continued)
- Re: htaccess with apache A.D.Douma (Nov 05)
- Re: htaccess with apache Graham Lally (Nov 04)
- Re: htaccess with apache Tim Greer (Nov 04)
- Re: htaccess with apache António Vasconcelos (Nov 05)
- Re: htaccess with apache Tim Greer (Nov 05)
- Re: htaccess with apache António Vasconcelos (Nov 06)
- Re: htaccess with apache Tim Greer (Nov 06)
- Re: htaccess with apache António Vasconcelos (Nov 11)
- Re: htaccess with apache Tim Greer (Nov 11)
- Re: htaccess with apache Tim Greer (Nov 11)
- RE: htaccess with apache Tim Greer (Nov 05)
- RE: htaccess with apache Dinis Cruz (Nov 11)
- RE: htaccess with apache Tim Greer (Nov 11)