Re: [users@httpd] security

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

To: "users" <users@xxxxxxxxxxxxxxxx>
Subject: Re: [users@httpd] security
From: "Peter J Milanese" <PMilanese@xxxxxxxx>
Date: Wed, 5 Oct 2005 04:38:48 -0400
Delivered-to: apmail-httpd-users-archive@xxxxxxxxxxxxxx
Delivered-to: apmail-httpd-users-archive@xxxxxxxxxxxxxxxx
Delivered-to: mailing list users@xxxxxxxxxxxxxxxx
Mailing-list: contact users-help@xxxxxxxxxxxxxxxx; run by ezmlm
Reply-to: users@xxxxxxxxxxxxxxxx

There are a number of ways to handle this. If your site is a mix of auth/anon, you probably want to put it in the php. Just do an isset in the php. Documentation on php.net should be helpful.

-----------------
Sent from my NYPL BlackBerry Handheld.

----- Original Message -----
From: [baynaa@xxxxxxxxxx]
Sent: 10/05/2005 04:33 AM
To: <users@xxxxxxxxxxxxxxxx>
Subject: [users@httpd] security

Hi,

In our web, users should login to access certain contents. But today we’ve just realized that, one can acces those contents without loging in. In other words, just typing http://xxx.xx/graph_view.php?action=""> brings the graphs. We are using free software, may be that’s why it is not so secure. Has anyone suggest me how to prevent these kind of things. How can I configure apache, so that it won’t bring the page if it has REMOTE_USER env variable not set? Or if it has nothing to do with Apache?

BR, Baynaa.

Follow-Ups:
- RE: [users@httpd] security
  - From: baynaa

Prev by Date: [users@httpd] security
Next by Date: RE: [users@httpd] moving .htaccess rewrite cond to httpd.conf
Previous by thread: [users@httpd] security
Next by thread: RE: [users@httpd] security
Index(es):
- Date
- Thread

[Index of Archives] [Open SSH Users] [Linux ACPI] [Linux Kernel] [Linux Laptop] [Kernel Newbies] [Security] [Netfilter] [Bugtraq] [Squid] [Yosemite News] [MIPS Linux] [ARM Linux] [Linux Security] [Linux RAID] [Samba] [Video 4 Linux] [Device Mapper]