httpd-docs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Joshua Slive <jos...@slive.ca>
Subject Re: [PATCH] security_tips.html
Date Fri, 12 Jul 2002 17:48:09 GMT
Phone: (514) 398-4000 x00417

On Fri, 12 Jul 2002, Thomas [iso-8859-15] Sjögren wrote:

> Modified "CGI in general" and moved it so it's available earlier then the other
> CGI security tips.
> Added info to "Watching Your Logs".
> Added "Using Passphrases instead of Passwords" which is about chosing better
> passwords when using client authentication.
>
> No wordwrap and diff -u, this patch better work. :)

Looks good.  I didn't commit the part about passphrases for two reasons:

1. There is probably good documentation on this topic elsewhere that
we could link to.

2. There are several more fundamental issues with HTTP basic auth
security.  In general, apache does not have any influence at all over how
the passwords are set.  It just grabs them from the database.

Joshua.


---------------------------------------------------------------------
To unsubscribe, e-mail: docs-unsubscribe@httpd.apache.org
For additional commands, e-mail: docs-help@httpd.apache.org


Mime
View raw message