
[cobalt-security] SSI Vuln on cobalt



Just to be sure, I think I should clarify something..
When I said,

>Well.... Not exactly, at least not on my remaining
>RaQ3. I have the following in my access.conf file and
>I still can (and do) use .htaccess files to password
>protect a few user directories..
>
><Directory />
>Options None
>AllowOverride None
>AuthFailDelay 2000000
></Directory>

I wasn't implying that changing this directive in
access.conf to what's shown above doesn't work,
because it does in regards to this Vuln thing... I was
just commenting that I can still use .htaccess files
to password protect users' directories with
AllowOverride set to None (as well as options). Like I
stated, my access.conf file uses the above directive,
and when I try to run that SSI script, I just get a
clean (blank), white page.. Personally, I'd recommend
setting AllowOverride (and options) to None.. -BUT- I
don't offer/enable FP on my RaQ3 either, so I don't
know if doing so will mess anything up with FP or
not..? But you can still use .htaccess files for
password protected directories, so I'd guess it would
be okay for FP enabled sites as well..

Babbara
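
An added example, not part of the original message or of any Cobalt-supplied configuration: Apache applies every <Directory> section that covers a path, shortest path first, so the effective Options and AllowOverride for a site directory can be audited by merging the sections in that order. The /home/sites block, its value, and all function names below are assumptions made for illustration.

```python
import re

# Constructed sample: the <Directory /> block quoted in the message plus a
# hypothetical narrower block (its path and value are assumptions).
SAMPLE_CONF = """
<Directory />
Options None
AllowOverride None
AuthFailDelay 2000000
</Directory>
<Directory /home/sites>
AllowOverride AuthConfig
</Directory>
"""
BLOCK = re.compile(r'<Directory\s+"?([^">]+?)"?\s*>(.*?)</Directory>', re.I | re.S)

def parse_directory_blocks(conf):
    """Map each <Directory> path to its Options/AllowOverride arguments."""
    blocks = {}
    for path, body in BLOCK.findall(conf):
        entry = blocks.setdefault(path.rstrip("/") or "/", {})
        for line in body.splitlines():
            name, *args = line.split() or [""]
            if name.lower() in ("options", "allowoverride"):
                entry[name.lower()] = args
    return blocks

def merge(previous, args):
    """Plain arguments replace the inherited set; +/- arguments adjust it."""
    if args and all(a[0] in "+-" for a in args):
        add = {a[1:].lower() for a in args if a[0] == "+"}
        return (set(previous or ()) | add) - {a[1:].lower() for a in args if a[0] == "-"}
    return {a.lower() for a in args} - {"none"}

def effective(conf, path):
    """Apply every block covering `path`, shortest path first, as Apache does."""
    blocks = parse_directory_blocks(conf)
    state = {"options": None, "allowoverride": None}  # None = not set in conf
    covering = [d for d in blocks if d == "/" or path == d or path.startswith(d + "/")]
    for d in sorted(covering, key=len):
        for name, args in blocks[d].items():
            state[name] = merge(state[name], args)
    return state

def ssi_reachable(options, allowoverride):
    """True if SSI is on or .htaccess may turn it on; unset counts as permissive."""
    enabled = options is None or bool(options & {"includes", "includesnoexec", "all"})
    overridable = allowoverride is None or bool(allowoverride & {"options", "all"})
    return enabled or overridable
```

Calling ssi_reachable(**effective(conf_text, "/home/sites/site1/web")) on the real access.conf contents shows whether a narrower block reopens Options for that directory.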

