Hello all
I'm completely new to php but a complete newbie when it comes to unix.
So please don't laugh about my problem.
I have programmed a nice password check with php, javascript and a
database and it works. But as I have removed the access control with
.htaccess on the server I recognized that everybody can now directly
download all documents without a password, as long as they know the
filename and location.
I assume that for any unix hacker it should not be a problem to find
all filenames somehow.
Is this true? Have I opened a security hole on the server?
If yes, how can I prevent it? And how can I protect some directories
with sensitive data and only show it when somebody has properly
entered his personal password?
I mean, is it possible to still use the .htaccess on some directories
and grant access to this directory for those users that correctly
identified themselves, without having to enter another password?
thanks
greets
Juerg
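
An added example, not part of the original post: one common way to close the gap described above is to keep a deny-all .htaccess in the document directory and hand files out through a PHP script that checks the login session first. The directory name `protected_docs`, the session key `user_id`, the `file` parameter and the script name `download.php` are assumptions.

```php
<?php
// download.php -- added example; all names here are assumptions, not from the post.
//
// Keep an .htaccess file inside protected_docs/ that refuses every direct request:
//     Require all denied      (Apache 2.4)
//     Deny from all           (Apache 2.2)
// Apache then never serves those files itself. PHP reads them from disk,
// so this script is the only way to reach them.

const DOC_DIR = __DIR__ . '/protected_docs';

// Map a user-supplied name to a real file inside $baseDir, or null if it
// is missing, hidden (.htaccess), or resolves outside the directory.
function resolve_document(string $baseDir, string $requested): ?string
{
    $name = basename($requested);              // drop any directory part
    if ($name === '' || $name[0] === '.') {
        return null;
    }
    $base = realpath($baseDir);
    $path = realpath($baseDir . '/' . $name);  // also resolves symlinks
    if ($base === false || $path === false) {
        return null;
    }
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($path, $prefix, strlen($prefix)) !== 0) {
        return null;                           // escaped the directory
    }
    return is_file($path) ? $path : null;
}

session_start();
// The flag must be set by the server-side login code after the password
// check succeeds; a check done only in JavaScript protects nothing.
if (empty($_SESSION['user_id'])) {
    http_response_code(403);
    exit('Please log in first.');
}

$requested = $_GET['file'] ?? '';
$path = is_string($requested) ? resolve_document(DOC_DIR, $requested) : null;
if ($path === null) {
    http_response_code(404);
    exit('Not found.');
}

header('Content-Type: application/octet-stream');
header('X-Content-Type-Options: nosniff');
header("Content-Disposition: attachment; filename*=UTF-8''" . rawurlencode(basename($path)));
header('Content-Length: ' . filesize($path));
readfile($path);
```

Pages then link to `download.php?file=report.pdf` instead of the file itself, so a logged-in user is not asked for a second password and a guessed filename returns 403.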