httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Peter J Milanese" <PMilan...@nypl.org>
Subject Re: [users@httpd] security
Date Wed, 05 Oct 2005 08:38:48 GMT
There are a number of ways to handle this. If your site is a mix of auth/anon, you probably
want to put it in the php. Just do an isset in the php. Documentation on php.net should be
helpful. 

-----------------
Sent from my NYPL BlackBerry Handheld.


----- Original Message -----
From:  [baynaa@mobinet.mn]
Sent: 10/05/2005 04:33 AM
To: <users@httpd.apache.org>
Subject: [users@httpd] security

Hi,

In our web, users should login to access certain contents. But today we've
just realized that, one can acces those contents without loging in. In other
words, just typing http://xxx.xx/graph_view.php?action=tree
<http://xxx.xx/graph_view.php?action=tree&tree_id=22> &tree_id=22 brings the
graphs. We are using free software, may be that's why it is not so secure.
Has anyone suggest me how to prevent these kind of things. How can I
configure apache, so that it won't bring the page if it has REMOTE_USER env
variable not set?  Or if it has nothing to do with Apache?

BR, Baynaa.

 


Mime
View raw message