Jump to content


Photo

htaccess directory security


  • Please log in to reply
2 replies to this topic

#1 ozconnect

ozconnect
  • Members
  • Pip
  • Newbie
  • 4 posts

Posted 28 September 2006 - 05:50 AM

I have been using htaccess security for a while but was dismayed to find recently that an innocent mistake by one user allowed an unintended breach by another.

One user had emailed a page from a secured directory to a friend to illustrate something or other. There were active links to urls within the secured direcory on that page.

When those links are clicked from the email the linked page is actually displayed with the request for user authentication poping up over the top. By simply cancelling the authentication popup the submit button on that page which is displayed can be actioned.

It appears as though any requested page in the secured directory is displayed before the authentication pop-up is actioned.

This is not normally an issue for my site as the first page in the directory is normally a redirection page which displays nothing.

Surely this is not how htaccess security is intended to work. What can I be doing wrong and how can I really secure my pages from un-wanted actions.

#2 Daniel0

Daniel0
  • Staff Alumni
  • Advanced Member
  • 11,956 posts

Posted 28 September 2006 - 01:33 PM

I believe this belongs in the Apache forum.

#3 ozconnect

ozconnect
  • Members
  • Pip
  • Newbie
  • 4 posts

Posted 01 October 2006 - 11:17 PM

Thanks daniel but any ideas ?




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users