Yes, thank for the responses and clarification. True the Basic Auth
isn't really a login, as there is no logout per se.
One would suppose from the responses that using .htpasswd and Basic Auth
is really a lousy approach to security, since an attacker can just wail
away indefinitely trying
On October 9, 2011 17:39 , Neal Rhodes ne...@mnopltd.com wrote:
One would suppose from the responses that using .htpasswd and Basic
Auth is really a lousy approach to security, since an attacker can
just wail away indefinitely trying repeatedly, unless one configured
something like fail2ban to
On 2011-10-04 14:44, Neal Rhodes wrote:
We have bunches of web applications which use the regular Apache login
protection,
Do you mean HTTP Basic Auth, as defined in RFC 2616 ?
and they won't run unless REMOTE_USER is set by the Apache login.
Limit GET
require valid-user
/Limit
We have bunches of web applications which use the regular Apache login
protection, and they won't run unless REMOTE_USER is set by the Apache
login.
Limit GET
require valid-user
/Limit
Limit POST PUT DELETE
require valid-user
/Limit
Hi Neal,
I have used http://authmemcookie.sourceforge.net/ previously to create
a form based authentication for web sites.
The form can be in any scripting language Apache supports so CAPTCHA
should be easy to implement.
On Tue, Oct 4, 2011 at 11:44 PM, Neal Rhodes ne...@mnopltd.com wrote:
We