ozconnect Posted September 28, 2006 Share Posted September 28, 2006 I have been using htaccess security for a while but was dismayed to find recently that an innocent mistake by one user allowed an unintended breach by another.One user had emailed a page from a secured directory to a friend to illustrate something or other. There were active links to urls within the secured direcory on that page.When those links are clicked from the email the linked page is actually displayed with the request for user authentication poping up over the top. By simply cancelling the authentication popup the submit button on that page which is displayed can be actioned.It appears as though any requested page in the secured directory is displayed before the authentication pop-up is actioned.This is not normally an issue for my site as the first page in the directory is normally a redirection page which displays nothing.Surely this is not how htaccess security is intended to work. What can I be doing wrong and how can I really secure my pages from un-wanted actions. Link to comment https://forums.phpfreaks.com/topic/22345-htaccess-directory-security/ Share on other sites More sharing options...
Daniel0 Posted September 28, 2006 Share Posted September 28, 2006 I believe this belongs in the Apache forum. Link to comment https://forums.phpfreaks.com/topic/22345-htaccess-directory-security/#findComment-100240 Share on other sites More sharing options...
ozconnect Posted October 1, 2006 Author Share Posted October 1, 2006 Thanks daniel but any ideas ? Link to comment https://forums.phpfreaks.com/topic/22345-htaccess-directory-security/#findComment-102033 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.