Htaccess and Internet Explorer

Kirk V. Hastings khasting at library.berkeley.edu
Tue Jun 3 15:12:10 EDT 1997


List Members,

I thought I'd follow-up on my previous rant concerning .htaccess files and
Internet Explorer 3.0. I don't have a solution, but thanks to Tom Dowling
and Geoffrey McKim I do now have some perspective. 

Apparently this is a problem with IE 3.0 (as well as 3.01 and 3.02). Tom
points out that htaccess works just fine with version 4.0, which I
confirmed for myself. However, I just can't believe that there hasn't been
a general hue and cry from systems administrators and their users about a
major browser not supporting such a commonly used feature. Maybe they have
discovered a work-around which is not immediately apparent to me. Does
anyone know of a site using htaccess that does appear to work with IE 3.0?

An equally important issue here is security. Geoffrey McKim has pointed out
to me that having your .htpasswd file in cgi-bin is a huge security risk.
Furthermore, it should not even be anywhere near your Web document
hierarchy. I am often responsible such open doors to hackers and I'm glad
Geoff called me on this one. I have since had our Systems Administrator
move all .htpasswd and .htgroup files to an area only accessible to root. I
suggest others do the same, as hackers are real and present danger.

Hope this helpful to others,

Kirk




Kirk V. Hastings
Digital Library Research and Development
UC Berkeley Libraries


More information about the Web4lib mailing list