Re: Unix links subverting Web security

• To: zhul@cs.uregina.ca
• Subject: Re: Unix links subverting Web security
• From: Holger.Reif@PrakInf.TU-Ilmenau.DE (Holger Reif )
• Date: Thu, 2 Nov 95 08:46:20 +0100
• Cc: www-security@ns2.rutgers.edu

>Not really true. .htaccess is one problem. /passwd/.htpasswd is another 
>problem. Anybody can get your password file by:
>	http://your_web_host/passwd/.htpasswd
>crack it, and visit you again with the password.

you should keep  the passwd-dir out of your DOCUMENT_ROOT dir tree!
Then NO web surfer can grab and crack your passwd's

>This password mechanism is not good for cracker, but for gentleman.

It's not hte best but better then nothing!

BTW you should use different passwds (if not user names) for the real accounts
and the "web accounts".


read you later  -  Holger Reif
http://remus.prakinf.tu-ilmenau.de/Reif/

• Previous: Getting off of this list
• Next: Re: Unix links subverting Web security
• Index(es):
  • Index
  • Thread