httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Graham Leggett <minf...@sharp.fm>
Subject Re: .htaccess
Date Tue, 09 Nov 1999 15:14:58 GMT
Greg Maxwell wrote:

> I found the following on apache-week:
> "   One feature of the NCSA server is that is allows a request to be
>    allowed if it comes from within a particular domain name, or if not,
>    to ask for a valid username and password (using the satisfy
>    directive). This is a combination of restricting by username and by
>    the user's hostname. Unfortunately Apache currently cannot do this."
> 
> Is there a plan to put this functionality in the next apache, or is there
> a module that already does this.
> 
> This functionality would be very useful for intranet sites.

That sounds horribly insecure. I could just spoof my in-addr.arpa entry
for my IP address and I'm inside your intranet without a password with
hardly any effort at all.

Or am I missing something?

Regards,
Graham
-- 
-----------------------------------------
minfrin@sharp.fm		"There's a moon
					over Bourbon Street
						tonight...

Mime
View raw message