HELP w/HTAccess

HELP w/HTAccess

Post by Alan Gag » Tue, 18 Nov 1997 04:00:00



I need help with an HTAccess problem.  I have bypassed HTAccess for a
few members
of my site by giving them a URL like this one:

This works great untill they use a CGI program.  When it goes to a CGI
program such as a search engine then back to the HTML pages it loses the
username:password.   Can anyone help me with an idea to fix the
problem?????

PLEASE


 
 
 

HELP w/HTAccess

Post by Kevin P. Ne » Fri, 21 Nov 1997 04:00:00



>I need help with an HTAccess problem.  I have bypassed HTAccess for a
>few members
>of my site by giving them a URL like this one:


WOW is this a bad idea.

This makes your users' name and password appear in the referer field
in the access_log (assuming you are using that style of log, it's
pretty common).

It also means that their passwords are in clear text on their screen,
and it means that when they bookmark that URL then any smuck can come
along later and use their machine (assuming it's a PC) to see the
protected page.

Bad idea.

What problem are you trying to solve with this "solution"? Perhaps we
can suggest a better way.

Quote:>This works great untill they use a CGI program.  When it goes to a CGI
>program such as a search engine then back to the HTML pages it loses the
>username:password.   Can anyone help me with an idea to fix the
>problem?????

Don't do this at all?

Why put the name+password in the URL at all?
--
XCOMM Kevin P. Neal, Junior, Comp. Sci.     -   House of Retrocomputing


XCOMM "Good grief, I've just noticed I've typed in a rant. Sorry chaps!"

 
 
 

1. How to prevent reading of .htaccess in a .htaccess ?

Hello,

I use Apache 1.3.20 on Solaris 2.6 and i want to know how i can prevent
reading of .htaccess IN
a .htaccess (not a <directory> directive).

Basically this is what i want :
http://www/guest/noguest/

In this case i want that the .htaccess in /guest prevent the reading of
the .htaccess in noguest.
(and i all the directories below)

I don't want a <directory> directive because in this case this is the
admin (me) who edit the httpd.conf
and not the user who manage his directory (and put the .htaccess).

Best regards, thanks per advance for your answers,

--
 Ludovic.Maitre at sophia.inria.fr

 INRIA - 2004 route des lucioles - BP 93    Tel: (33/0) 4 92 38 50 41
 06902   SOPHIA-ANTIPOLIS cedex (France)    Fax: (33/0) 4 92 38 76 02
 Free online CSS editor :

http://www-sop.inria.fr/semir/personnel/Ludovic.Maitre/freestyle/free...

2. bison and flex help, please

3. .htaccess file doesnt work with imagemap: HELP !!

4. What makes libc "abort()"?

5. need help with .htaccess on apache

6. Win98 SE broke my internet access through linux gateway

7. HELP: needed with .htaccess and Perl strangeness

8. Timed out waiting for NIS to come up

9. Need help with .htaccess

10. .htaccess help needed

11. HELP! .htaccess disaster

12. Help: Apache htaccess problems

13. restrict web access to site with .htaccess file ??help