lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <Pine.LNX.4.44.0403161957530.9431-100000@pingu.awe.com>
Date: Tue, 16 Mar 2004 20:03:38 +0000 (GMT)
From: Mark J Cox <mark@....com>
To: bugtraq@...urityfocus.com
Subject: Re: Fw: Bilbao Method Exposed


> - English Version: http://www.kernelpanik.org/docs/kernelpanik/bme.eng.pdf
> - Spanish Version: http://www.kernelpanik.org/docs/kernelpanik/bme.esp.pdf
> 
> This paper explains a brief form to avoid .htaccess authentification in
> Apache, configured according to criteria of multiple references.

http://httpd.apache.org/docs-2.0/mod/core.html#limit states "A
<LimitExcept> section should always be used in preference to a <Limit>
section when restricting access, since a <LimitExcept> section provides
protection against arbitrary methods."

See also http://www.apacheweek.com/issues/99-02-12#status

Mark
--
Mark J Cox ........................................... www.awe.com/mark
Apache Software Foundation ..... OpenSSL Group ..... Apache Week editor

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ