Apache2 security bypassed with windows mobile?

Forum Moderators: bakedjake

Message Too Old, No Replies

Apache2 security bypassed with windows mobile?

Apache2 config settings and security

savantbrian

3:05 pm on Dec 31, 2012 (gmt 0)

I'm hoping someone can help me with this.
I've set my pc up as a web server (debian wheezy, apache2,) created a web site and restricted access to some folders with a password.
Everything works fine until one day I tried to access the restricted folders with my old Dell PDA running windows mobile and found I could gain access without a userid or password.
I have the following .htacess file entries:
AuthType Basic
AuthUserFile /etc/apache2/.htpasswd
AuthName "Enter password"
Require valid-user
+++++++++++++++++++++++
In the apache2.conf

<Directory /var/www/private>
Options Indexes Includes FollowSymLinks MultiViews
AllowOverride All
</Directory>

Any ideas please.
Thanks, Brian.

mack

3:24 pm on Dec 31, 2012 (gmt 0)

Had you accessed those directories in the past using the same device?

Mack.

savantbrian

3:30 pm on Dec 31, 2012 (gmt 0)

Hi mack,

I don't think so, but I did think of that and deleted all history, cookies and internet files just in case.

Thanks

savantbrian

3:48 pm on Dec 31, 2012 (gmt 0)

Ok I think I've found the problem thanks to the tip from mack.
I seems that windows mobile stores passwords in the registry. My memory not as good as it used to be so I'm guessing I must have accessed the site in the past and forgotten about it. Windows Mobile doesn't let you know its using a stored password
Thanks for memory jogger.
Cheers, Brian

phranque

10:43 pm on Dec 31, 2012 (gmt 0)

welcome to WebmasterWorld, Brian!