Hi everybody,
our website is divided into a public and a private subnet.
Now, I set up htdig with two different confs. So public parts can be
searched by htdig, and also private parts by different databases.
The private search.html is protected by .htaccess and "require user...".
But as /cgi-bin/htsearch is executable by any webclient (for working with
the public search database), anybody can use it with the private config by
typing "config=htdig.privat" in the URL by hand.
Of course, a "spy" has to know the name of the private config file. But I
think you can guess it, or worse: members of the private section who
are no longer privileged after a password change can access it
easily.
So, how can I protect htsearch from being abused by typing in another
config in the URL?
Bye
Andreas
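
Added example, not part of the original message and not ht://Dig code: a sketch of the check a wrapper CGI placed in front of htsearch could apply, plus a scan of access-log lines for requests that name a config other than the public one. It assumes the public config is called "htdig", that the wrapper hands the rewritten string to the real htsearch as QUERY_STRING, and that the log uses the common log format; the function names and sample log lines are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, urlencode, urlsplit

PUBLIC_CONFIG = "htdig"  # assumption: name of the public config

def pin_config(query_string, pinned=PUBLIC_CONFIG):
    """Drop every client-supplied config parameter and force the pinned one.

    parse_qsl decodes percent-escapes, so '%63onfig=...' is caught as well.
    """
    pairs = parse_qsl(query_string, keep_blank_values=True)
    kept = [(k, v) for k, v in pairs if k.lower() != "config"]
    return urlencode([("config", pinned)] + kept)

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def unexpected_config_requests(log_lines, allowed=(PUBLIC_CONFIG,)):
    """Return (line, config) for htsearch requests naming a config outside `allowed`."""
    hits = []
    for line in log_lines:
        m = REQUEST_RE.search(line)
        if not m:
            continue
        url = urlsplit(m.group(1))
        if not url.path.endswith("/htsearch"):
            continue
        for key, value in parse_qsl(url.query, keep_blank_values=True):
            if key.lower() == "config" and value not in allowed:
                hits.append((line, value))
    return hits

# Constructed sample lines (documentation-range addresses, made-up timestamps).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2000:10:00:00 +0000] "GET /cgi-bin/htsearch?config=htdig&words=contact HTTP/1.0" 200 1532',
    '192.0.2.44 - - [01/Jan/2000:10:02:11 +0000] "GET /cgi-bin/htsearch?config=htdig.privat&words=budget HTTP/1.0" 200 2210',
    '192.0.2.44 - - [01/Jan/2000:10:02:40 +0000] "GET /cgi-bin/htsearch?%63onfig=htdig.privat&words=budget HTTP/1.0" 200 2210',
    '192.0.2.10 - - [01/Jan/2000:10:03:00 +0000] "GET /index.html HTTP/1.0" 200 512',
]

if __name__ == "__main__":
    print(pin_config("config=htdig.privat&words=budget"))
    for line, cfg in unexpected_config_requests(SAMPLE_LOG):
        print(cfg, "<-", line)
```

A second wrapper pinned to the private config would live inside the directory already protected by .htaccess; form data sent by POST arrives in the request body and needs the same rewrite.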