Re: Password security

[Maddy <maddy@beinary.org>]

> Is there any reason to place the "deny from all" directive within
> the <limit> section, and with that restrict the effect of it to
> the GET method? Why not just:
> 
> deny from all
> 
> / Gunnar
Using <Limit GET> means a page in that dir cannot be called from
somewhere on the web -- if the point is to stop people from finding out
filenames they might then want to look at when they shouldn't, this does
the trick. Also, on some servers (depending on version of Apache and
sometimes other things), it doesn't work without <Limit GET>.
If you have some different content mixed up in the dir you want to
protect from prying eyes and for whatever reason find setting
permissions on individual files too hard/confusing/time-consuming, the
nice part is that <Limit GET> doesn't affect forms handed by POST.
:)
I'd go into more detail but right now it's late and I'm ... *yawwwwwn*
...tired.
Maddy