
Re: How secure is .htaccess?

  • Subject: Re: How secure is .htaccess?
  • From: Big Bad Bob <BigBadBob-at-mrp3-dot-com@xxxxxxxxxxxxx>
  • Date: Sat, 04 Mar 2006 04:16:45 GMT
  • In-reply-to: <dtpcfq$s5i$1@godfrey.mcc.ac.uk>
  • Newsgroups: alt.hacker
  • Organization: EarthLink Inc. -- http://www.EarthLink.net
  • References: <8Jydnb0OHP-3up3ZRVn-jg@buckeye-express.com> <dtpcfq$s5i$1@godfrey.mcc.ac.uk>
  • User-agent: Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.7.7) Gecko/20050517
  • Xref: news.mcc.ac.uk alt.hacker:195426
Roy Schestowitz wrote:
>> Does anybody know just how secure is a web directory with digest
>> password protection placed in the .htaccess file on an Apache2 Windows
>> server?
>
> If it's a Windows server, it is already less than secure.

I don't know whether to choke or gag. Unfortunately a server that's not up to date on patches would qualify as "less than secure" regardless of the OS. But Windows gets a lot of bad press from the frequency and nature of the exploits, only because it's most of the OSes at the moment.


> Such boxes are easy to hijack, so local password data can be stolen
> or leaked.

A somewhat qualified "yeah" with the caveat that properly securing a Windows box is sufficient in nearly all cases. Pick a decent password for 'administrator' and set up security better than the default. But most admins won't do this. How many people use one of the 6 most common passwords?


> Encrypting the filesystem is another matter and I don't think that
> Vista's predecessors support it.

They do. All NT-based Windows versions from 2000 on have built-in encrypted file capability, alleged NSA back door notwithstanding.



Aside from obvious Windows-bashing, you are probably better off running an Apache web server on something OTHER than Windows, only because you get better performance that way. Allegedly I've done comparisons, and Windows allegedly lost by about 25% on "raw networking" via SMB, copying large files from one system to another using equivalent hardware. That would have been Samba 3 on FreeBSD 5.x vs Windows XP and 2k.

