[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[cobalt-security] Apache & SSL Update 2.0.1
- Subject: [cobalt-security] Apache & SSL Update 2.0.1
- From: Alan MacDonald <webmaster@xxxxxxxxxxxxxxx>
- Date: Wed, 02 Oct 2002 12:17:36 +0100
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
Hi,
On
http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F45509&zone_32=category%3Asecurity,
(Sun Cobalt "mod_ssl" ("apache-openssl-1.3.x") May Allow Local Account
Compromise) the workaround is to disallow per-directory configuration files
by only having "AllowOverride None" directives in your "httpd.conf" file.
it also says Note: If ".htaccess" files are used to control access to
restricted areas of web sites, these areas will become UNPROTECTED by this
action.
This info is referenced in the
http://sunsolve.sun.com/patches/cobalt/raq4.eng.html entry for the patch.
I use .htaccess files to control access - will this patch clobber that?
rgds
Alan MacDonald
--
Webmaster - aceposition.com
webmaster@xxxxxxxxxxxxxxx
+353 51 855 939