This url triggers htaccess authentication: http://<domain>/robo/info/who.pl
This url does not trigger htaccess authentication: http://<domain>/cgiwrapDir/cgiwrap/robo/info/who.pl The Qube2 htaccess file in the robo/info directory is AddType text/x-server-parsed-html .html .shtml AuthUserFile /home/groups/home/robo/info/.htpasswd AuthGroupFile /dev/null AuthName "Robo Members" AuthType Basic <Limit GET PUT POST> require valid-user </Limit> If I understand what I am seeing ???? then it would seem that the use of cgiwrap is not providing security, but has removed it?? If so, it would seem prudent to turn off cgiwrap?? Am I missing something? Mike. _______________________________________________ cobalt-security mailing list [EMAIL PROTECTED] http://list.cobalt.com/mailman/listinfo/cobalt-security
