Home page logo

basics logo Security Basics mailing list archives

Re: Web Authentication
From: streck () papafloh de (Florian Streck)
Date: Thu, 27 Jul 2006 12:11:55 +0200

On Mon, Jul 24, 2006 at 10:54:46AM +0300, Maxim Kostyukov wrote:
What exactly you want to achieve by doing "better web authentication"?
In you case, what are those weaknesses with htpasswd scheme?

Well the problem with htaccess is that there is no mechanism that
checks for the number of trials or failures.
So you can brute-force your way in.

I am asking because it is almost impossible to answer your question
without additional info.

----- Original Message ----- 
From: "pimp mastermind" <gbchustla () gmail com>
To: <security-basics () securityfocus com>
Sent: Thursday, July 20, 2006 7:36 AM
Subject: Web Authentication

I have Slackware 10.1 runing. I am using it as a router and
fileserver. I use Apache 1.3 for web access. I have some web
directories which i want to secure more strongly than with htpasswd
but i dont know any other ways of authentication. Also a lot of my
scripts in those directories are wirted in PHP Perl and CGI scripting.
I need to find a better way of authentication? Does any one knows any
better way of authentication?
Thank you all in advance for your help

You could for example write a script that checks the logfiles for failed access
attempts and if there are to many restrict the access permissions for
the directories.
Otherwise you have to use scripts that provide the content of the

Attachment: signature.asc
Description: Digital signature

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]