Gossamer Forum

Links SQL Security issues

I've chmod setup.cgi into oblivion as well as admin.cgi (temporarily), however, I know there must be a better way.

The Links SQL password protection doesn't work. I've added myself many times, and I'm never challenged going in to the admin directory.

Anyone have an actual .htaccess file that works?

Any other security issues?
Re: [takacsj] Links SQL Security issues
Quote:
The Links SQL password protection doesn't work. I've added myself many times, and I'm never challenged going in to the admin directory.

What web server are you using?
Re: [Paul] Links SQL Security issues
Apache version 1.3.27
Re: [takacsj] Links SQL Security issues
What operating system?
Re: [takacsj] Links SQL Security issues
Apache configuration matters if you've configured it properly or not.

Best regards,
Webmaster33


Re: [takacsj] Links SQL Security issues
Is .htaccess enabled in your CGI-BIN? Sounds like not. If you have root Telnet / SSH access to your server, see if you can find the following line (httpd.conf or access.conf; may be in block corresponding to CGI-BIN alone):

AllowOverride None

If there, try changing it to:

AllowOverride All


[Note: you should backup the file first so in case you have problems, you can restore from backup]

Then restart the web server. If you do not have Telnet / SSH access, then try asking your web host tech support. BTW, do you currently have any .htaccess-authenticated directories?

----
Cheers,

Dan
Founder and CEO

LionsGate Creative
GoodPassRobot
Magelln
Re: [dan] Links SQL Security issues
AllowOverride AuthConfig may be more secure :)
Re: [Paul] Links SQL Security issues
Good point! More restrictive, but all that is required in this case. But may want to use:

AllowOverride AuthConfig Limit

..in case he wants to control host access (now or in the future) - could also add 'Indexes' directive-type, but per server config would do. However, AllowOverride AuthConfig alone should suffice. I prefer AllowOverride All as I use (many) directory-specific directive-types (using them all across all my .htaccess files, combined), and prefer to control per .htaccess, via FTP.

----
Cheers,

Dan
Founder and CEO

LionsGate Creative
GoodPassRobot
Magelln
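
The setup discussed in the replies above, as an added example that is not part of any poster's message: the server-side block that lets .htaccess authentication take effect with the narrower AllowOverride AuthConfig Limit, and a matching .htaccess for the directory holding admin.cgi. All paths, the realm name, the user name and the password-file location are placeholders assumed for illustration.

```apache
# --- httpd.conf (server config; restart Apache after editing) ---
# Placeholder path: use the filesystem directory that holds admin.cgi.
<Directory "/path/to/cgi-bin/admin">
    # .htaccess is ignored entirely, so no password challenge can occur:
    #   AllowOverride None
    # Broad: every directive type may be overridden per directory:
    #   AllowOverride All
    # Narrow: only authentication (AuthConfig) and host access (Limit).
    AllowOverride AuthConfig Limit
</Directory>

# --- /path/to/cgi-bin/admin/.htaccess (placeholder path) ---
AuthType Basic
AuthName "Links SQL Admin"
# Password file kept outside any web-served directory (placeholder path).
# Created with: htpasswd -c /path/to/private/.htpasswd adminuser
AuthUserFile /path/to/private/.htpasswd
Require valid-user
```

A request for admin.cgi without credentials should then return 401 Authorization Required; a 200 means the .htaccess directives are not being applied to that directory.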
Re: [dan] Links SQL Security issues
I normally use "All" because I'm lazy ;)

Luckily it's just on my local apache server though.
Re: [takacsj] Links SQL Security issues
Greetings!

Thanks for your help everyone.

I've performed every step as indicated above. I have full/complete access to my server. Running RHT 7.3.

Still nothing works. I am not challenged upon entering the web directory where admin.cgi resides. Well, that is not entirely true, I'm forbidden from viewing the directory, that is simply the way apache normally works anyway via default setup, HOWEVER, per my original post, admin.cgi is freely available for the world to use. The url string that includes admin.cgi at the end, always displays ... for everyone.

Any ideas? No, I don't have .htaccess working on any directory.

TIA.