Submit Hint Search The Forums LinksStatsPollsHeadlinesRSS
14,000 hints and counting!


Click here to return to the 'Did You Check This???' hint
The following comments are owned by whoever posted them. This site is not responsible for what they say.
Did You Check This???
Authored by: Anonymous on Jun 14, '01 08:40:19AM

Perhaps I'm overlooking something here, but I just tried accessing several .htaccess pages using various combinations of lower/upper letters and they all came back with a basic login request. So what's the problem? I just can't seem to gain a similar fever of paranoia with this post. What, again, seems to be the problem? Perhaps you should be looking into your Apache setup rather than dropping the entire blame on OS X; have you even uncommented the proper access restrictions? If it is a problem, please document it a little more fully.

Cheers,
ptervin



[ Reply to This | # ]
Did You Check This???
Authored by: atl on Jun 14, '01 01:11:40PM

I, too, had trouble triggering the bug on my HFS+ box. No matter how I capitalized my protected directory, I couldn't avoid the login prompt.
I'm not saying it's not a problem. I'm only saying that it's not universal.



[ Reply to This | # ]
Did You Check This???
Authored by: Anonymous on Jun 14, '01 07:31:15PM

me too...couldn't get the 'bug' to appear. All my protected directories still forced the login/passwd sheet to appear.

Y



[ Reply to This | # ]
Did You Check This???
Authored by: FlyBoy on Jun 15, '01 10:13:49PM

I also don't have any case sensitivity problems with several .htaccess protected pages on my intranet Apache web site. I always get the authentication screen (in OmniWeb) no matter how I alter capitalization for the desired directory.

FlyBoy



[ Reply to This | # ]
Did You Check This???
Authored by: Anonymous on Jun 16, '01 02:55:10PM

Just wanted to point out here... as I understand it, the bug is not with ".htaccess"-protected directories, but ony with directories protected using Location or Directory tags specified in httpd.conf (Apache's global configuration file). When you use .htaccess files, performance is slightly degraded. The article points out that the more performant security methods (specifying Location or Directory tags in httpd.conf) are the ones that have the security hole.

Anyway, Apple's recent open-sourcing of mod_hfs_apple.so seems to address the problem for those who care to install it.



[ Reply to This | # ]