[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-security] Apache & SSL Update 2.0.1

Subject: Re: [cobalt-security] Apache & SSL Update 2.0.1
From: Jaana Jarve <netcat@xxxxxxxxx>
Date: Wed, 2 Oct 2002 14:37:32 +0300 (EEST)
List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>

On Wed, 2 Oct 2002, Alan MacDonald wrote:

> Hi,
> On
> http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F45509&zone_32=category%3Asecurity,
> (Sun Cobalt "mod_ssl" ("apache-openssl-1.3.x") May Allow Local Account
> Compromise) the workaround is to disallow per-directory configuration files
> by only having "AllowOverride None" directives in your "httpd.conf" file.
> it also says Note: If ".htaccess" files are used to control access to
> restricted areas of web sites, these areas will become UNPROTECTED by this
> action.
> This info is referenced in the
> http://sunsolve.sun.com/patches/cobalt/raq4.eng.html entry for the patch.
> I use .htaccess files to control access - will this patch clobber that?

if the workaround consists of disabling usage of .htaccess files then
implementing it of course will make it impossible to use .htaccess files.
how could it be otherwise?

rgds,
netcat

Follow-Ups:
- Re: [cobalt-security] Apache & SSL Update 2.0.1
  - From: Alan MacDonald

References:
- [cobalt-security] Apache & SSL Update 2.0.1
  - From: Alan MacDonald

Prev by Date: Re: [cobalt-security] solarspeed openssl package
Next by Date: Re: [cobalt-security] Secure Certificates
Previous by thread: [cobalt-security] Apache & SSL Update 2.0.1
Next by thread: Re: [cobalt-security] Apache & SSL Update 2.0.1

Sun Cobalt Security Message Index

Sun Cobalt Security Thread Index