|
Hi I have apache with basic authentication setup with LDAP for users credential. apache allow me to login on server but once a user login to the webapplication and then even close the browser, the browser still have Authentication Session safe. And next time if you just visit same site the browser itself passes the uid/pssword to login the website. which is really a security issue so any one can access site from the PC. I also performed the senario such as 1: I setup my site as www.mysite.com/site and setup user1/passwd as uid password to access it 2: on the othere hand I setup other directory say www.mysite.com/logout and configured to autenticate logout/logout as userid password if i access www.mysite.com/site by passing user1/pwsswd it successfully loging after that i access www.mysite.com/logout with logout/logout successfullu but the problem is that if i just access www.mysite.com/site it just allow me to loging witout asking user id password so this way also doesnot provide a way to secure the site Is there any way that i can follow to secure my site or there is no way to secure site with apache when using basic authentication Thanks Get ideas on sharing photos from people like you. Find new ways to share. Get Ideas Here! |
|