Hi
I have apache with basic authentication setup with LDAP for users
credential. apache allow me to login on server but once a user login to the
webapplication and then even close the browser, the browser still have
Authentication Session safe. And next time if you just visit same site the
browser itself passes the uid/pssword to login the website. which is really a
security issue so any one can access site from the PC.
I also performed the senario such as
1: I setup my site as www.mysite.com/site and setup user1/passwd as uid
password to access it
2: on the othere hand I setup other directory say www.mysite.com/logout and
configured to autenticate logout/logout as userid password
if i access www.mysite.com/site by passing user1/pwsswd it successfully
loging
after that i access www.mysite.com/logout with logout/logout successfullu but
the problem is that
if i just access www.mysite.com/site it just allow me to loging witout asking
user id password
so this way also doesnot provide a way to secure the site
Is there any way that i can follow to secure my site or there is no way to
secure site with apache when using basic authentication
Thanks
_________________________________________________________________
Get ideas on sharing photos from people like you. Find new ways to share.
http://www.windowslive.com/explore/photogallery/posts?ocid=TXT_TAGLM_WL_Photo_Gallery_082008
