|
|
Did You Check This???
Perhaps I'm overlooking something here, but I just tried accessing several .htaccess pages using various combinations of lower/upper letters and they all came back with a basic login request. So what's the problem? I just can't seem to gain a similar fever of paranoia with this post. What, again, seems to be the problem? Perhaps you should be looking into your Apache setup rather than dropping the entire blame on OS X; have you even uncommented the proper access restrictions? If it is a problem, please document it a little more fully.
Did You Check This???
I, too, had trouble triggering the bug on my HFS+ box. No matter how I capitalized my protected directory, I couldn't avoid the login prompt.
Did You Check This???
me too...couldn't get the 'bug' to appear. All my protected directories still forced the login/passwd sheet to appear.
Did You Check This???
I also don't have any case sensitivity problems with several .htaccess protected pages on my intranet Apache web site. I always get the authentication screen (in OmniWeb) no matter how I alter capitalization for the desired directory.
Did You Check This???
Just wanted to point out here... as I understand it, the bug is not with ".htaccess"-protected directories, but ony with directories protected using Location or Directory tags specified in httpd.conf (Apache's global configuration file). When you use .htaccess files, performance is slightly degraded. The article points out that the more performant security methods (specifying Location or Directory tags in httpd.conf) are the ones that have the security hole. |
SearchFrom our Sponsor...Latest Mountain Lion HintsWhat's New:HintsNo new hintsComments last 2 daysLinks last 2 weeksNo recent new linksWhat's New in the Forums?
Hints by TopicNews from Macworld
From Our Sponsors |
|
Copyright © 2014 IDG Consumer & SMB (Privacy Policy) Contact Us All trademarks and copyrights on this page are owned by their respective owners. |
Visit other IDG sites: |
|
|
|
Created this page in 0.05 seconds |
|