Frackin script kiddies!!
David Kramer
david-8uUts6sDVDvs2Lz0fTdYFQ at public.gmane.org
Tue Aug 3 00:01:05 EDT 2010
Jarod Wilson wrote:
> Well, personally, I think a sane mythweb package puts a config file
> into apache's config includes directory, not in a .htaccess file. And
> then you enable authentication and wrap it with ssl. I'm not paranoid
> enough to worry about requiring a vpn link or ssh tunnels, I've got
> https access from anywhere.
When I first set it up years ago, it relied on an .htaccess file.
The newer versions do put the constraints in the apache config file, but
they're commented out by default.
That's how I ended up with neither ;)
I agree it should be in place by default with instructions on how to
either remove it, or finish the job by creating a .htdigest file.
HTTPS is a problematic solution, because SSL can't know anything about
domain names (ie virtual hosts don't work with SSL). That means my one
IP address can only have one DocumentRoot, and I choose to use that for
webmail, thank you very much.
More information about the Discuss
mailing list