Welcome to WebmasterWorld Guest from 54.162.239.134

Forum Moderators: bakedjake

Message Too Old, No Replies

Apache2 security bypassed with windows mobile?

Apache2 config settings and security

     
3:05 pm on Dec 31, 2012 (gmt 0)



I'm hoping someone can help me with this.
I've set my pc up as a web server (debian wheezy, apache2,) created a web site and restricted access to some folders with a password.
Everything works fine until one day I tried to access the restricted folders with my old Dell PDA running windows mobile and found I could gain access without a userid or password.
I have the following .htacess file entries:
AuthType Basic
AuthUserFile /etc/apache2/.htpasswd
AuthName "Enter password"
Require valid-user
+++++++++++++++++++++++
In the apache2.conf

<Directory /var/www/private>
Options Indexes Includes FollowSymLinks MultiViews
AllowOverride All
</Directory>

Any ideas please.
Thanks, Brian.
3:24 pm on Dec 31, 2012 (gmt 0)

WebmasterWorld Administrator mack is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month



Had you accessed those directories in the past using the same device?

Mack.
3:30 pm on Dec 31, 2012 (gmt 0)



Hi mack,

I don't think so, but I did think of that and deleted all history, cookies and internet files just in case.

Thanks
3:48 pm on Dec 31, 2012 (gmt 0)



Ok I think I've found the problem thanks to the tip from mack.
I seems that windows mobile stores passwords in the registry. My memory not as good as it used to be so I'm guessing I must have accessed the site in the past and forgotten about it. Windows Mobile doesn't let you know its using a stored password
Thanks for memory jogger.
Cheers, Brian
10:43 pm on Dec 31, 2012 (gmt 0)

WebmasterWorld Administrator phranque is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month



welcome to WebmasterWorld, Brian!
 

Featured Threads

Hot Threads This Week

Hot Threads This Month