----- Original Message -----
From: "Joshua Slive" <joshua@xxxxxxxx>
To: <users@xxxxxxxxxxxxxxxx>; "Danie Qian" <daniel@xxxxxxxxxxxxxxxx>
Sent: Friday, April 25, 2008 8:10 PM
Subject: Re: .htaccess for script aliased directories

On Fri, Apr 25, 2008 at 4:32 PM, Danie Qian <daniel@xxxxxxxxxxxxxxxx> wrote:
> On second thought, I tested the setting by commenting out the 'require valid-user' line completely to see what the browser gets for other methods, it is actually a 403 forbidden error instead of an open 200. So I guess I was fine with the <limit>GET POST</limit> lines - it only triggers a login prompt for GET & POST while leaving the others forbidden. Am I wrong?

You may or may not create an immediate security problem by using <Limit>. But regardless, it is a bad idea. It could easily open a security hole in the future if you ever change the configuration of the content behind the restriction. And why use a complex config, when the simple one is better and more secure?
I completely agree with you in a general sense
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
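An added example, not part of the original thread: a small Python check that flags `Require` lines placed inside a `<Limit>` section, the pattern advised against above, since such lines apply only to the listed methods. The function name, the sample .htaccess contents and the `/path/to/.htpasswd` placeholder are constructed for illustration.

```python
import re

# Section openers/closers that scope the enclosed directives to HTTP methods.
OPEN = re.compile(r"^\s*<\s*(Limit|LimitExcept)\b([^>]*)>", re.I)
CLOSE = re.compile(r"^\s*</\s*(Limit|LimitExcept)\s*>", re.I)
REQUIRE = re.compile(r"^\s*Require\b", re.I)

# Constructed sample: authentication wrapped in <Limit>, so the Require line
# is evaluated only for the methods named on the opening tag.
WEAK = """\
AuthType Basic
AuthName "Restricted"
AuthUserFile /path/to/.htpasswd
<Limit GET POST>
Require valid-user
</Limit>
"""

# Constructed sample: the simple form, where Require covers every method.
SIMPLE = """\
AuthType Basic
AuthName "Restricted"
AuthUserFile /path/to/.htpasswd
Require valid-user
"""

def find_method_scoped_require(text):
    """Return (line_number, methods, directive) for each Require inside <Limit>."""
    findings = []
    methods = None  # list of methods while inside a <Limit> section, else None
    for lineno, line in enumerate(text.splitlines(), 1):
        if line.lstrip().startswith("#"):
            continue  # skip comment lines
        opened = OPEN.match(line)
        if opened:
            # Only <Limit> narrows coverage to the listed methods;
            # <LimitExcept> covers everything except them and is not flagged.
            is_limit = opened.group(1).lower() == "limit"
            methods = opened.group(2).split() if is_limit else None
        elif CLOSE.match(line):
            methods = None
        elif REQUIRE.match(line) and methods is not None:
            findings.append((lineno, methods, line.strip()))
    return findings

if __name__ == "__main__":
    for name, conf in (("WEAK", WEAK), ("SIMPLE", SIMPLE)):
        print(name, find_method_scoped_require(conf))
```
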