www-apache-bugdb mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Marc Slemko <ma...@znep.com>
Subject Re: os-windows/2145: .htaccess will password protect directory but not individual files if name of file is guessed
Date Tue, 28 Apr 1998 04:10:01 GMT
The following reply was made to PR os-windows/2145; it has been noted by GNATS.

From: Marc Slemko <marcs@znep.com>
To: John Calvin <agentzap@hotmail.com>
Cc: apbugs@hyperreal.org
Subject: Re: os-windows/2145: .htaccess will password protect directory but not individual
files if name of file is guessed
Date: Mon, 27 Apr 1998 20:56:34 -0600 (MDT)

 On 28 Apr 1998, John Calvin wrote:
 
 > >How-To-Repeat:
 > To reproduce on win95 (possibly NT as well)
 > 
 > http://server.com/protected_dir/   will produce login and password window (works appropriatly)
 > http://server.com/protected_dir/guessedfilename.html   will load the file without asking
for a password or login.
 
 Erm... I can't reproduce that.  
 
 Are you _sure_ your authorization isn't being cached by your client?  If
 you exit the client then reload it, does it prompt for authorization for
 http://server.com/protected_dir/ ?  If you exit again and reload, does it
 prompt for authorization for
 http://server.com/protected_dir/guessedfilename.html
 
 Note that most clients cache the authorization until you exit them or, in
 the case of MSIE, they can do it forever.
 

Mime
View raw message