[1104] in WWW Security List Archive
Re: Unix links subverting Web security
daemon@ATHENA.MIT.EDU (Holger Reif )
Thu Nov 2 05:54:59 1995
Date: Thu, 2 Nov 95 08:46:20 +0100
From: Holger.Reif@PrakInf.TU-Ilmenau.DE (Holger Reif )
To: zhul@cs.uregina.ca
Cc: www-security@ns2.rutgers.edu
Errors-To: owner-www-security@ns2.rutgers.edu
>Not really true. .htaccess is one problem. /passwd/.htpasswd is another
>problem. Anybody can get your password file by:
> http://your_web_host/passwd/.htpasswd
>crack it, and visit you again with the password.
You should keep the passwd dir out of your DOCUMENT_ROOT dir tree!
Then NO web surfer can grab and crack your passwds.
>This password mechanism is not good for crackers, but for gentlemen.
It's not the best, but better than nothing!
BTW you should use different passwds (if not user names) for the real accounts
and the "web accounts".
read you later - Holger Reif
http://remus.prakinf.tu-ilmenau.de/Reif/
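As an added example that is not part of Holger Reif's message or of the original thread: a small shell lint for an NCSA/Apache-style httpd.conf that reports every AuthUserFile (the .htpasswd the quoted message worries about) whose path falls inside DocumentRoot and is therefore fetchable by URL. The directive names (ServerRoot, DocumentRoot, AuthUserFile) are Apache's; the two sample configs are constructed for illustration and are not taken from any real server. A relative AuthUserFile is resolved against ServerRoot, as Apache does, and only a single DocumentRoot is handled (no per-VirtualHost logic).

```shell
#!/bin/sh
# Added example, not from the original post: check whether any AuthUserFile
# in an httpd.conf lives under DocumentRoot (i.e. is reachable by URL).
# Sample configs below are constructed for illustration.

# find_exposed_authfiles < httpd.conf
# Prints each AuthUserFile path that lies under DocumentRoot, one per line.
# Returns 1 if at least one was found, 0 if none, 2 if no DocumentRoot is set.
find_exposed_authfiles() {
  awk '
    # strip quotes, collapse "//" and "/./", drop a trailing slash
    function clean(p) {
      gsub(/"/, "", p); gsub(/\/+/, "/", p)
      while (sub(/\/\.\//, "/", p)) ;
      sub(/\/$/, "", p); return p
    }
    { sub(/#.*/, "") }                         # ignore comments
    tolower($1) == "serverroot"   { sroot = clean($2) }
    tolower($1) == "documentroot" { droot = clean($2) }
    tolower($1) == "authuserfile" { files[++n] = clean($2) }
    END {
      if (droot == "") { print "no DocumentRoot found" > "/dev/stderr"; exit 2 }
      exposed = 0
      for (i = 1; i <= n; i++) {
        f = files[i]
        if (f !~ /^\//) f = sroot "/" f        # relative => relative to ServerRoot
        # prefix test with a separator, so /htdocs2/... does not match /htdocs
        if (f == droot || index(f, droot "/") == 1) { print f; exposed = 1 }
      }
      exit exposed
    }'
}

# check_text CONFIG_TEXT: run the lint over a config held in a string
check_text() {
  printf '%s\n' "$1" | find_exposed_authfiles
}

# Constructed config: the weak layout the quoted message describes.
WEAK_CONF='ServerRoot /usr/local/etc/httpd
DocumentRoot /usr/local/etc/httpd/htdocs
AuthUserFile /usr/local/etc/httpd/htdocs/passwd/.htpasswd   # served as /passwd/.htpasswd'

# Constructed config: the fix, password file outside the document tree.
FIXED_CONF='ServerRoot /usr/local/etc/httpd
DocumentRoot /usr/local/etc/httpd/htdocs
AuthUserFile conf/.htpasswd   # => /usr/local/etc/httpd/conf/.htpasswd, outside htdocs'

echo "weak config:"
check_text "$WEAK_CONF"  && echo "  ok" || echo "  exposed AuthUserFile(s) listed above"
echo "fixed config:"
check_text "$FIXED_CONF" && echo "  ok" || echo "  exposed AuthUserFile(s) listed above"
```

Run it as `find_exposed_authfiles < /path/to/httpd.conf`. The lint only sees paths written in the config: a symbolic link inside the document tree that points at the password directory (the subject of this thread) will not appear there, so also walk DocumentRoot for links that resolve outside it.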