[3613] in WWW Security List Archive
Re: .htaccess created by CGI script...
daemon@ATHENA.MIT.EDU (Matt Mosley)
Fri Nov 22 19:03:03 1996
Date: Fri, 22 Nov 1996 17:07:13 -0500 (EST)
From: Matt Mosley <mattm@digex.net>
To: sameer <sameer@c2.net>
Cc: HARRIS@novell.com (Harris Demel), www-security@ns2.rutgers.edu
In-Reply-To: Re: .htaccess created by CGI script... (sameer@c2.net)
Errors-To: owner-www-security@ns2.rutgers.edu
On November 21, sameer@c2.net wrote:
> >
> > IP spoofing is very easy to do with .htaccess files, especially within an
> > intranet (people on same subnets). Using passwords would be more
> > secure than IP addresses (or machine names) but again, people could
> > sniff the passwords off the wire as they are sent in clear-text.
>
> Use SSL and client certs. Secure, powerful, and flexible.
I'd hardly call SSL "secure".
