Keep Server Online
If you find the Apache Lounge, the downloads and overall help useful, please express your satisfaction with a donation.
or
A donation makes a contribution towards the costs, the time and effort that's going in this site and building.
Thank You! Steffen
Your donations will help to keep this site alive and well, and continuing building binaries. Apache Lounge is not sponsored.
| |
|
 Topic: Authorisation and Sub Folders |
|
| Author |
|
geffers
Joined: 27 Oct 2013
Posts: 11
Location: UK,London
|
 Posted: Mon 28 Oct '13 10:48 Post subject: Authorisation and Sub Folders |
 |
|
Folks,
Apache 2.2.22
Very new to Apache but learning slowly.
I have a very small web page and have simple user and password log on protection. This is set up on the apache2.conf file and not the htaccess file.
If I give someone an actual file link from a sub directory for them to use with wget will they be asked for login details?
Geffers |
|
| Back to top |
|
James Blond
Moderator
Joined: 19 Jan 2006
Posts: 7373
Location: Germany, Next to Hamburg
|
|
| Back to top |
|
geffers
Joined: 27 Oct 2013
Posts: 11
Location: UK,London
|
| Posted: Tue 29 Oct '13 17:20 Post subject: |
|
|
That link didn't actually answer my question but I tried a connection using wget and it does ask me.
Geffers |
|
| Back to top |
|
glsmith
Moderator
Joined: 16 Oct 2007
Posts: 2268
Location: Sun Diego, USA
|
| Posted: Tue 29 Oct '13 20:49 Post subject: |
|
|
Well, they should get asked or anyone could use wget to bypass login.
however, http://username:password@www.mysite.com/subfolder/resource.jpg for an example is how it can be done, and the user will not get asked for the login details.
The username:password could also be URL encoded (%xx codes) so as it is not easily human readable (although they can just decode it with a little work). |
|
| Back to top |
|
|
|
|
|
|
