| Apache2 security bypassed with windows mobile?
Apache2 config settings and security |
savantbrian
msg:4532162 | 3:05 pm on Dec 31, 2012 (gmt 0) |
I'm hoping someone can help me with this.
I've set my pc up as a web server (debian wheezy, apache2,) created a web site and restricted access to some folders with a password.
Everything works fine until one day I tried to access the restricted folders with my old Dell PDA running windows mobile and found I could gain access without a userid or password.
I have the following .htacess file entries:
AuthType Basic
AuthUserFile /etc/apache2/.htpasswd
AuthName "Enter password"
Require valid-user
+++++++++++++++++++++++
In the apache2.conf
<Directory /var/www/private>
Options Indexes Includes FollowSymLinks MultiViews
AllowOverride All
</Directory>
Any ideas please.
Thanks, Brian.
|
mack
msg:4532165 | 3:24 pm on Dec 31, 2012 (gmt 0) |
Had you accessed those directories in the past using the same device?
Mack.
|
savantbrian
msg:4532166 | 3:30 pm on Dec 31, 2012 (gmt 0) |
Hi mack,
I don't think so, but I did think of that and deleted all history, cookies and internet files just in case.
Thanks
|
savantbrian
msg:4532170 | 3:48 pm on Dec 31, 2012 (gmt 0) |
Ok I think I've found the problem thanks to the tip from mack.
I seems that windows mobile stores passwords in the registry. My memory not as good as it used to be so I'm guessing I must have accessed the site in the past and forgotten about it. Windows Mobile doesn't let you know its using a stored password
Thanks for memory jogger.
Cheers, Brian
|
phranque
msg:4532247 | 10:43 pm on Dec 31, 2012 (gmt 0) |
welcome to WebmasterWorld, Brian!
|
|
|
