You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by Peter J Milanese <PM...@nypl.org> on 2005/10/05 10:38:48 UTC
Re: [users@httpd] security
There are a number of ways to handle this. If your site is a mix of auth/anon, you probably want to put it in the php. Just do an isset in the php. Documentation on php.net should be helpful.
-----------------
Sent from my NYPL BlackBerry Handheld.
----- Original Message -----
From: [baynaa@mobinet.mn]
Sent: 10/05/2005 04:33 AM
To: <us...@httpd.apache.org>
Subject: [users@httpd] security
Hi,
In our web, users should login to access certain contents. But today we've
just realized that, one can acces those contents without loging in. In other
words, just typing http://xxx.xx/graph_view.php?action=tree
<http://xxx.xx/graph_view.php?action=tree&tree_id=22> &tree_id=22 brings the
graphs. We are using free software, may be that's why it is not so secure.
Has anyone suggest me how to prevent these kind of things. How can I
configure apache, so that it won't bring the page if it has REMOTE_USER env
variable not set? Or if it has nothing to do with Apache?
BR, Baynaa.
RE: [users@httpd] security
Posted by ba...@mobinet.mn.
Can you give me a little bit more info on this issue? One of the number of
the ways?
_____
From: Peter J Milanese [mailto:PMilanese@nypl.org]
Sent: Wednesday, October 05, 2005 4:39 PM
To: users
Subject: Re: [users@httpd] security
There are a number of ways to handle this. If your site is a mix of
auth/anon, you probably want to put it in the php. Just do an isset in the
php. Documentation on php.net should be helpful.
-----------------
Sent from my NYPL BlackBerry Handheld.
_____
----- Original Message -----
From: [baynaa@mobinet.mn]
Sent: 10/05/2005 04:33 AM
To: <us...@httpd.apache.org>
Subject: [users@httpd] security
Hi,
In our web, users should login to access certain contents. But today we've
just realized that, one can acces those contents without loging in. In other
words, just typing http://xxx.xx/graph_view.php?action=tree
<http://xxx.xx/graph_view.php?action=tree&tree_id=22> &tree_id=22 brings the
graphs. We are using free software, may be that's why it is not so secure.
Has anyone suggest me how to prevent these kind of things. How can I
configure apache, so that it won't bring the page if it has REMOTE_USER env
variable not set? Or if it has nothing to do with Apache?
BR, Baynaa.