www-apache-bugdb mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jeff Trawick <trawi...@bellsouth.net>
Subject Re: general/7350: Can hack htaccess based authentication using IE5
Date Fri, 02 Mar 2001 21:18:28 GMT
Nitin Mule <nitin@pulsus.com> writes:

> 1. Protect a directory called /members/ using .htaccess
> 2. Create a file called index.html in that directory
> 3. Configure DirectoryIndex to serve index.html
> 4. Point IE5 to /members/index.html
> 5. Click Cancel in Login box or enter random login/passwords
> 6. Browser will display authentication error message
> 7. Click Back on the browser and the browser will display /members/index.html page without
any authentication!!!

Perhaps your IE5 cache contained members/index.html before you
protected toe directory.  Does this happen after you purge your IE5

Jeff Trawick | trawickj@bellsouth.net | PGP public key at web site:
             Born in Roswell... married an alien...

View raw message