Mailing List Archive



Re: [tlug] apache mod_auth_digest



On Sun, 1 Apr 2007, Keith Bawden wrote:

2) Is it a security problem to put the .htdigest file in the same
private directory? The httpd.conf contains the following lines, but I
don't know if that's enough:

I generally keep all such files outside of the URI space of the web server. The last thing you want is the web server to be serving up the file.

You could, as you have mentioned, tweak your config to "disallow" this.
However, I find keeping it out of the way in the first place easier.

It's also much more secure. "Human error" is a major factor in security problems, and so in any well-designed security system a lot of work is put into not making it possible to secure something, but making it easy.

cjs
--
Curt Sampson       <cjs@example.com>        +81 90 7737 2974
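
Added example, not part of the original message or of Apache itself: a small audit that flags credential files configured inside a served directory, the situation the post recommends avoiding. The sample configuration and its paths are constructed; the script assumes absolute paths in a single config file and does not follow `Include` directives or symlinks.

```python
import posixpath
import re

# Constructed sample configuration (not taken from the thread).
SAMPLE_CONF = """\
DocumentRoot "/var/www/html"
Alias /docs /srv/docs
<Directory "/var/www/html/private">
    AuthType Digest
    AuthName "private"
    AuthUserFile /var/www/html/private/.htdigest
    Require valid-user
</Directory>
<Directory "/srv/docs">
    AuthType Digest
    AuthName "docs"
    AuthUserFile /etc/apache2/auth/docs.htdigest
    Require valid-user
</Directory>
"""

# Directives that map a filesystem directory into the URI space.
SERVED = re.compile(r'^\s*(DocumentRoot|Alias|ScriptAlias)\s+(\S.*)$', re.I)
# Directives that name a credential or group file.
CRED = re.compile(r'^\s*(AuthUserFile|AuthDigestFile|AuthGroupFile)\s+(\S.*)$', re.I)

def _args(text):
    """Split directive arguments, honouring double quotes."""
    return [q or bare for q, bare in re.findall(r'"([^"]*)"|(\S+)', text)]

def served_roots(conf):
    """Filesystem directories the server exposes (last argument of each directive)."""
    return [posixpath.normpath(_args(m.group(2))[-1])
            for m in map(SERVED.match, conf.splitlines()) if m]

def exposed_credential_files(conf):
    """Return (directive, path, root) for each credential file under a served root."""
    roots = served_roots(conf)
    findings = []
    for m in filter(None, map(CRED.match, conf.splitlines())):
        path = posixpath.normpath(_args(m.group(2))[0])
        for root in roots:
            if path.startswith(root.rstrip("/") + "/"):
                findings.append((m.group(1), path, root))
    return findings

if __name__ == "__main__":
    for directive, path, root in exposed_credential_files(SAMPLE_CONF):
        print(f"{directive} {path} is inside served directory {root}")
```

A clean result only means the configured path is outside the listed roots; a symlink or an included config file can still expose it.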

