|
There are a number of ways to handle this. If your site is a mix of auth/anon, you probably want to put it in the php. Just do an isset in the php. Documentation on php.net should be helpful. ----- Original Message ----- Hi, In our web, users should login to access certain contents. But
today we’ve just realized that, one can acces those contents without
loging in. In other words, just typing http://xxx.xx/graph_view.php?action="">
brings the graphs. We are using free software, may be that’s why it is
not so secure. Has anyone suggest me how to prevent these kind of things. How
can I configure apache, so that it won’t bring the page if it has
REMOTE_USER env variable not set? Or if it has nothing to do with Apache? BR, Baynaa. |
- [EMAIL PROTECTED] security baynaa
- Re: [EMAIL PROTECTED] security Peter J Milanese
- RE: [EMAIL PROTECTED] security Boyle Owen
