Jump to content

Archived

This topic is now archived and is closed to further replies.

ozconnect

htaccess directory security

Recommended Posts

I have been using htaccess security for a while but was dismayed to find recently that an innocent mistake by one user allowed an unintended breach by another.

One user had emailed a page from a secured directory to a friend to illustrate something or other. There were active links to urls within the secured direcory on that page.

When those links are clicked from the email the linked page is actually displayed with the request for user authentication poping up over the top. By simply cancelling the authentication popup the submit button on that page which is displayed can be actioned.

It appears as though any requested page in the secured directory is displayed before the authentication pop-up is actioned.

This is not normally an issue for my site as the first page in the directory is normally a redirection page which displays nothing.

Surely this is not how htaccess security is intended to work. What can I be doing wrong and how can I really secure my pages from un-wanted actions.

Share this post


Link to post
Share on other sites

×

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.