[pLog-svn] resserver usage

Reto Hugi plog at hugi.to
Tue Oct 3 20:40:58 GMT 2006


On 03.10.2006 22:07, Jon Daley wrote:
> (except for the instance where people get the "real" URL, and then try to 
> do stuff with it, although I am not sure what they could do - guess file 
> names?)

yes. and with the systematic naming scheme lifetype uses, this is easy.
but security through obscurity should anyway never be an option.

> The .htaccess could even only allow requests with a certain 
> referrer, or other environment variable, so only redirected accesses would 
> be allowed

referrers are too easy to spoof, so no added security. maybe "other
environment variables" may work better, but it adds a complexity to it,
which probably needs too much webserver configuration and still leaves
some holes in the security concept. I'm not too positive that there is a
way to have access control managed via lifetype *and* redirects. but I'd
be glad to learn differently :)

reto

