Phone: (514) 398-4000 x00417 On Fri, 12 Jul 2002, Thomas [iso-8859-15] Sj�gren wrote:
> Modified "CGI in general" and moved it so it's available earlier then the > other > CGI security tips. > Added info to "Watching Your Logs". > Added "Using Passphrases instead of Passwords" which is about chosing better > passwords when using client authentication. > > No wordwrap and diff -u, this patch better work. :) Looks good. I didn't commit the part about passphrases for two reasons: 1. There is probably good documentation on this topic elsewhere that we could link to. 2. There are several more fundamental issues with HTTP basic auth security. In general, apache does not have any influence at all over how the passwords are set. It just grabs them from the database. Joshua. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
