I just have just found this article, that describes this technique:
http://apachetoday.com/mailprint.php3?action=pvltsn=2000-06-14-002-01-PS#SetEnvIf
Thank you all for your help. :-))
S
From: Maxwell Hung [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Re: [PHP] Insecurity with PHP
Hello all
I have just implemented a mySQL authorization: each html and php page checks
to see whether a user is logged in by checking a cookie in the user browser.
The user can log out and edit her profile (including password). If a page is
called without the user being logged in, he is
If you don't have a very high load, then you could move all not-php-files
out of htdocs-root and use a pseudo-root directory htdocs/../rawfiles as root
for redirect.php.
For example image.jpg is placed in htdocs/../rawfiles/images then access it
with /redirect.php?/images/image.jpg !
redirect.php
PROTECTED]
Subject: Re: [PHP] Insecurity with PHP authorization
If you don't have a very high load, then you could move all not-php-files
out of htdocs-root and use a pseudo-root directory
htdocs/../rawfiles as root
for redirect.php.
For example image.jpg is placed in htdocs/../rawfiles
-Original Message-
From: Stefen Lars [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, August 07, 2001 3:03 AM
To: [EMAIL PROTECTED]
Subject: [PHP] Insecurity with PHP authorization
I do realize that if I were to place a .htaccess file in the
root of the intranet server, I could
]
To: [EMAIL PROTECTED]
Subject: Re: [PHP] Insecurity with PHP authorization
Date: Tue, 7 Aug 2001 11:22:33 +0100 (BST)
Hi Stefan
You can do this
#Add this httpd.conf N.B apache 1.3.12
SetEnvIfNoCase Referer ^http://www.mysite/;
local_ref=1
# place the following into a .htaccess file in the dir
6 matches
Mail list logo
