Re: More fun with WWWBoard

From: Ben Laurie (benat_private)
Date: Thu Sep 23 1999 - 07:12:07 PDT

Next message: Brock Tellier: "SCO 5.0.x scosession local exploit"

Previous message: Lancashire, Andrew: "Nmap and Cisco Dos, clarification --"
Maybe in reply to: David Weins: "More fun with WWWBoard"
Next in thread: Patrick Oonk: "Re: More fun with WWWBoard"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Vladimir Dubrovin wrote:
>
> Hello Chris Ridd,
>
> 20.09.99 16:24, you wrote: More fun with WWWBoard;
>
> C> In Apache you'd configure this as follows:
>
> C> <Files passwd.txt>
> C> deny from all
> C> </Files>
>
> or put it in some directory inside your web home and configure
>
> <Limit GET>
> deny from all
> </Limit>
>
> <Limit POST>
> deny from all
> </Limit>
>
> for  this  directory.  It's more safe, because some text editors leave
> backup copy of the file, for example passwd.txt~. In this case you are
> safe even if you forget to remove this file.

In general, you should not use <Limit...> unless for some reason you
want your security to only apply to GET and POST methods.

Cheers,

Ben.

--
http://www.apache-ssl.org/ben.html

"My grandfather once told me that there are two kinds of people: those
who work and those who take the credit. He told me to try to be in the
first group; there was less competition there."
     - Indira Gandhi

Next message: Brock Tellier: "SCO 5.0.x scosession local exploit"
Previous message: Lancashire, Andrew: "Nmap and Cisco Dos, clarification --"
Maybe in reply to: David Weins: "More fun with WWWBoard"
Next in thread: Patrick Oonk: "Re: More fun with WWWBoard"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:04:54 PDT