www-apache-bugdb mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Nitin Mule <ni...@pulsus.com>
Subject Re: general/7350: Can hack htaccess based authentication using IE5
Date Mon, 05 Mar 2001 14:10:37 GMT
That makes sense. Sorry I overlooked this issue before submitting the bug.

Thanks
Nitin

At 04:18 PM 3/2/01 -0500, Jeff Trawick wrote:
>Nitin Mule <nitin@pulsus.com> writes:
>
> > 1. Protect a directory called /members/ using .htaccess
> > 2. Create a file called index.html in that directory
> > 3. Configure DirectoryIndex to serve index.html
> > 4. Point IE5 to /members/index.html
> > 5. Click Cancel in Login box or enter random login/passwords
> > 6. Browser will display authentication error message
> > 7. Click Back on the browser and the browser will display 
> /members/index.html page without any authentication!!!
>
>Perhaps your IE5 cache contained members/index.html before you
>protected toe directory.  Does this happen after you purge your IE5
>cache?
>
>--
>Jeff Trawick | trawickj@bellsouth.net | PGP public key at web site:
>        http://www.geocities.com/SiliconValley/Park/9289/
>              Born in Roswell... married an alien...


Mime
View raw message