The following reply was made to PR os-windows/2145; it has been noted by GNATS.
From: Marc Slemko <[EMAIL PROTECTED]> To: Apache bugs database <[EMAIL PROTECTED]> Cc: Subject: Re: os-windows/2145: .htaccess will password protect directory but not individual files if name of file is guessed (fwd) Date: Tue, 28 Apr 1998 11:03:52 -0600 (MDT) ---------- Forwarded message ---------- Date: Tue, 28 Apr 1998 05:03:58 PDT From: Agent Zap <[EMAIL PROTECTED]> To: [EMAIL PROTECTED] Subject: Re: os-windows/2145: .htaccess will password protect directory but not individual files if name of file is guessed Yes I am sure because if you go directly to http://server.com/protected_dir/guessedfilename.html and not http://server.com/protected_dir/ first it won't prompt you for a password box so therefore it couldn't have cached something I didn't provide. I am aware about browsers caching the passwords after u enter it once though. This is not the case. Did you try it with win95 apache or the one for unix? Thanks for the quick reply, JC >On 28 Apr 1998, John Calvin wrote: > >> >How-To-Repeat: >> To reproduce on win95 (possibly NT as well) >> >> http://server.com/protected_dir/ will produce login and password window (works appropriatly) >> http://server.com/protected_dir/guessedfilename.html will load the file without asking for a password or login. > >Erm... I can't reproduce that. > >Are you _sure_ your authorization isn't being cached by your client? If >you exit the client then reload it, does it prompt for authorization for >http://server.com/protected_dir/ ? If you exit again and reload, does it >prompt for authorization for >http://server.com/protected_dir/guessedfilename.html > >Note that most clients cache the authorization until you exit them or, in >the case of MSIE, they can do it forever. > > ______________________________________________________ Get Your Private, Free Email at http://www.hotmail.com
