Bugtraq mailing list archives
Re: More fun with WWWBoard
From: ben () ALGROUP CO UK (Ben Laurie)
Date: Thu, 23 Sep 1999 15:12:07 +0100
Vladimir Dubrovin wrote:
Hello Chris Ridd, 20.09.99 16:24, you wrote: More fun with WWWBoard; C> In Apache you'd configure this as follows: C> <Files passwd.txt> C> deny from all C> </Files> or put it in some directory inside your web home and configure <Limit GET> deny from all </Limit> <Limit POST> deny from all </Limit> for this directory. It's more safe, because some text editors leave backup copy of the file, for example passwd.txt~. In this case you are safe even if you forget to remove this file.
In general, you should not use <Limit...> unless for some reason you want your security to only apply to GET and POST methods. Cheers, Ben. -- http://www.apache-ssl.org/ben.html "My grandfather once told me that there are two kinds of people: those who work and those who take the credit. He told me to try to be in the first group; there was less competition there." - Indira Gandhi
Current thread:
- Re: More fun with WWWBoard, (continued)
- Re: More fun with WWWBoard Chris Ridd (Sep 20)
- Re: More fun with WWWBoard Mark Jeftovic (Sep 21)
- Re: More fun with WWWBoard Patrick Oonk (Sep 22)
- Re: More fun with WWWBoard Speed (Sep 24)
- Re: More fun with WWWBoard Mark Jeftovic (Sep 26)
- Microsoft Security Bulletin (MS99-037) Aleph One (Sep 25)
- Internet Explorer 5.0 & AOL Instant Messenger 3.x (latest version) Bug forcing Win98 to crash remotely webmaster (Sep 22)
- Re: Internet Explorer 5.0 & AOL Instant Messenger 3.x (latest version) Bug forcing Win98 to crash remotely Peter Haglund (Sep 24)
- Re: More fun with WWWBoard Vladimir Dubrovin (Sep 21)
- SCO 5.0.x scosession local exploit Brock Tellier (Sep 22)
- Re: More fun with WWWBoard Ben Laurie (Sep 23)
- SuSE 6.2 sccw overflow exploit Brock Tellier (Sep 23)
- Security Bulletins Digest Aleph One (Sep 20)
- Microsoft Security Bulletin (MS99-038) Aleph One (Sep 20)
- FreeBSD Security Advisory: FreeBSD-SA-99:06.amd Aleph One (Sep 20)
- socket buffer DoS/administrative limits (fwd) Brian F. Feldman (Sep 17)
- A few bugs... Tymm Twillman (Sep 17)
- Re: A few bugs... Olaf Kirch (Sep 20)