Re: [htdig] Search engine for private page


Subject: Re: [htdig] Search engine for private page
From: Stephane Bortzmeyer (bortzmeyer@pasteur.fr)
Date: Wed Oct 25 2000 - 07:37:09 PDT


On Wednesday 25 October 2000, at 7 h 38, the keyboard of Geoff Hutchison
<ghutchis@wso.williams.edu> wrote:

> You can make a symbolic link and secure one of the URLs, e.g.:
>
> ln -s htsearch htsearch.pr
>
> and then in your server config:
> <Location /cgi-bin/htsearch.pr>
> AuthType Basic

As I understand it, there is no real security here: anyone can setup a form in a Web page which will call htsearch (not htsearch.pr) and this htsearch will be able to read the configuration file for the private database?

------------------------------------
To unsubscribe from the htdig mailing list, send a message to
htdig-unsubscribe@htdig.org
You will receive a message to confirm this.
List archives: <http://www.htdig.org/mail/menu.html>
FAQ: <http://www.htdig.org/FAQ.html>



This archive was generated by hypermail 2b28 : Wed Oct 25 2000 - 07:43:00 PDT