Charles Lockhart wrote:
So, we have a script or something that every time you create a
directory in that secure directory, the script adds an .htaccess file,
and the .htaccess file is used to enforce privacy, requiring a
username and password to log in. I'm told that this should be secure
enough to keep people from accessing the private area, and to prevent
information from turning up on Google + etc.
So my question is, is that correct? I have no webmaster experience,
and very limited privacy/security experience, so I'm not setting that
up, our network admin is, but I figured I'd get a second (third,
fourth, fifth...) opinion.
HTTP Auth should be enough for a wiki. I don't know anything about your
particular wiki, soconsider the flaw of HTTP Auth for yourself. The
session is handled entirely on the client-side (no specification for
"logging off"). And the authetication can be passed in the URI/REFERER
stings. A funky browser behavior could, in turn send this kind of info
to a foreign entity (google, etc). But I may just be paranoid.
Tom
