[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[cobalt-security] cgiwrap unsecure?
- Subject: [cobalt-security] cgiwrap unsecure?
- From: Mike Vanecek <nospam99@xxxxxxxxxxxx>
- Date: Sat, 03 Nov 2001 09:57:31 -0600
- Organization: anonymous
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
This url triggers htaccess authentication:
http://<domain>/robo/info/who.pl
This url does not trigger htaccess authentication:
http://<domain>/cgiwrapDir/cgiwrap/robo/info/who.pl
The Qube2 htaccess file in the robo/info directory is
AddType text/x-server-parsed-html .html .shtml
AuthUserFile /home/groups/home/robo/info/.htpasswd
AuthGroupFile /dev/null
AuthName "Robo Members"
AuthType Basic
<Limit GET PUT POST>
require valid-user
</Limit>
If I understand what I am seeing ???? then it would seem that the use of
cgiwrap is not providing security, but has removed it??
If so, it would seem prudent to turn off cgiwrap??
Am I missing something?
Mike.