[3607] in WWW Security List Archive
Re: .htaccess created by CGI script...
daemon@ATHENA.MIT.EDU (sameer)
Fri Nov 22 04:57:19 1996
From: sameer <sameer@c2.net>
To: HARRIS@novell.com (Harris Demel)
Date: Thu, 21 Nov 1996 23:42:45 -0800 (PST)
Cc: www-security@ns2.rutgers.edu
In-Reply-To: <s294768b.042@novell.com> from "Harris Demel" at Nov 21, 96 03:33:40 pm
Errors-To: owner-www-security@ns2.rutgers.edu
>
> IP spoofing is very easy to do with .htaccess files, especially within an
> intranet (people on same subnets). Using passwords would be more
> secure than IP addresses (or machine names) but again, people could
> sniff the passwords off the wire as they are sent in clear-text.
Use SSL and client certs. Secure, powerful, and flexible.
--
Sameer Parekh Voice: 510-986-8770
President FAX: 510-986-8777
C2Net
http://www.c2.net/ sameer@c2.net
