[3617] in WWW Security List Archive
Re: .htaccess created by CGI script...
daemon@ATHENA.MIT.EDU (L. Lopshire)
Sat Nov 23 18:10:16 1996
Date: Fri, 22 Nov 1996 19:28:15 -0800 (PST)
From: "L. Lopshire" <ayn@pacifier.com>
To: sameer <sameer@c2.net>
cc: Harris Demel <HARRIS@novell.com>, www-security@ns2.rutgers.edu
In-Reply-To: <199611220742.XAA02763@atropos.c2.org>
Errors-To: owner-www-security@ns2.rutgers.edu
I agree! Use SSL and add a FIREWALL.
On Thu, 21 Nov 1996, sameer wrote:
>Date: Thu, 21 Nov 1996 23:42:45 -0800 (PST)
>From: sameer <sameer@c2.net>
>To: Harris Demel <HARRIS@novell.com>
>Cc: www-security@ns2.rutgers.edu
>Subject: Re: .htaccess created by CGI script...
>
>>
>> IP spoofing is very easy to do with .htaccess files, especially within an
>> intranet (people on same subnets). Using passwords would be more
>> secure than IP addresses (or machine names) but again, people could
>> sniff the passwords off the wire as they are sent in clear-text.
>
> Use SSL and client certs. Secure, powerful, and flexible.
>
>--
>Sameer Parekh Voice: 510-986-8770
>President FAX: 510-986-8777
>C2Net
>http://www.c2.net/ sameer@c2.net
>
