Hi, On http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F45509&zone_32=category%3Asecurity, (Sun Cobalt "mod_ssl" ("apache-openssl-1.3.x") May Allow Local Account Compromise) the workaround is to disallow per-directory configuration files by only having "AllowOverride None" directives in your "httpd.conf" file. it also says Note: If ".htaccess" files are used to control access to restricted areas of web sites, these areas will become UNPROTECTED by this action. This info is referenced in the http://sunsolve.sun.com/patches/cobalt/raq4.eng.html entry for the patch. I use .htaccess files to control access - will this patch clobber that?
rgds Alan MacDonald -- Webmaster - aceposition.com [EMAIL PROTECTED] +353 51 855 939 _______________________________________________ cobalt-security mailing list [EMAIL PROTECTED] http://list.cobalt.com/mailman/listinfo/cobalt-security
