[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[cobalt-security] cgiwrap unsecure?

Subject: [cobalt-security] cgiwrap unsecure?
From: Mike Vanecek <nospam99@xxxxxxxxxxxx>
Date: Sat, 03 Nov 2001 09:57:31 -0600
Organization: anonymous
List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>

This url triggers htaccess authentication:

http://<domain>/robo/info/who.pl

This url does not trigger htaccess authentication:

http://<domain>/cgiwrapDir/cgiwrap/robo/info/who.pl

The Qube2 htaccess file in the robo/info directory is

AddType text/x-server-parsed-html .html .shtml
AuthUserFile /home/groups/home/robo/info/.htpasswd
AuthGroupFile /dev/null
AuthName "Robo Members"
AuthType Basic
<Limit GET PUT POST>
require valid-user
</Limit>

If I understand what I am seeing ???? then it would seem that the use of
cgiwrap is not providing security, but has removed it??

If so, it would seem prudent to turn off cgiwrap??

Am I missing something?

Mike.

Prev by Date: [cobalt-security] Suggested Firewalls [raq4r]
Next by Date: RE: [cobalt-security] Suggested Firewalls [raq4r]
Previous by thread: RE: [cobalt-security] Suggested Firewalls [raq4r]
Next by thread: [cobalt-security] Important news regarding Webalizer

Sun Cobalt Security Message Index

Sun Cobalt Security Thread Index