The following reply was made to PR os-windows/2145; it has been noted by GNATS.
From: Marc Slemko <[EMAIL PROTECTED]> To: John Calvin <[EMAIL PROTECTED]> Cc: [EMAIL PROTECTED] Subject: Re: os-windows/2145: .htaccess will password protect directory but not individual files if name of file is guessed Date: Mon, 27 Apr 1998 20:56:34 -0600 (MDT) On 28 Apr 1998, John Calvin wrote: > >How-To-Repeat: > To reproduce on win95 (possibly NT as well) > > http://server.com/protected_dir/ will produce login and password window > (works appropriatly) > http://server.com/protected_dir/guessedfilename.html will load the file > without asking for a password or login. Erm... I can't reproduce that. Are you _sure_ your authorization isn't being cached by your client? If you exit the client then reload it, does it prompt for authorization for http://server.com/protected_dir/ ? If you exit again and reload, does it prompt for authorization for http://server.com/protected_dir/guessedfilename.html Note that most clients cache the authorization until you exit them or, in the case of MSIE, they can do it forever.
