This chapter is from the book

Quiz

  1. Can you configure Apache to prevent a certain Web site from linking to yours? (Hint: You can use the Referer: HTTP header for this.)

  2. What are the advantages of database files over plain text files?

  3. Can you name some disadvantages of HTTP basic authentication?

Quiz Answers

  1. For example, if you want to deny the example.org Web site access to your site, you can add the following to your configuration file:

         SetEnvIfNoCase Referer "^http://www.example.org/" evil_site=1
         Order Allow,Deny
         Allow from all
         Deny from env=evil_site

  2. They are much more scalable because they can be indexed. This means that Apache does not need to read the file sequentially until a match is found for a particular user, but rather can jump to the exact location.

  3. One disadvantage is that it is transmitted in clear text over the network. This means that unless you are using SSL (explained in Hour 17), it is possible for an attacker to read the packets your browser sends to the server and steal your password. Another disadvantage is that HTTP authentication does not provide a means for customizing the login (except the realm name). It is very common for Web sites to implement custom login mechanisms using HTML forms and cookies.
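The rule from answer 1 can be checked before it is relied on. The following Python model is an added example, not code from the book: it reproduces the `SetEnvIfNoCase` match and the `Order Allow,Deny` evaluation so you can see which Referer values the pattern covers. The function names and the sample requests are constructed for illustration.

```python
import re

# Pattern copied from answer 1. SetEnvIfNoCase matches case-insensitively.
PATTERN = re.compile(r"^http://www.example.org/", re.IGNORECASE)

def evil_site(headers):
    """Model SetEnvIfNoCase: true when the Referer header matches PATTERN.

    A missing header is compared as an empty string, so it never matches.
    """
    return PATTERN.search(headers.get("Referer", "")) is not None

def allowed(headers):
    """Model 'Order Allow,Deny': Allow is evaluated first, Deny overrides."""
    allow = True                   # Allow from all
    deny = evil_site(headers)      # Deny from env=evil_site
    return allow and not deny

# Constructed sample requests (header dictionaries), not real traffic.
SAMPLES = [
    {"Referer": "http://www.example.org/links.html"},   # intended match
    {"Referer": "HTTP://WWW.EXAMPLE.ORG/"},             # case-insensitive match
    {"Referer": "https://www.example.org/links.html"},  # https is not covered
    {"Referer": "http://example.org/links.html"},       # no "www." prefix
    {"Referer": "http://www-example.org/"},             # unescaped "." matches "-"
    {},                                                 # no Referer sent
]

def report(samples=SAMPLES):
    """Return (referer, decision) pairs for each sample request."""
    return [(s.get("Referer", "<none>"), "allow" if allowed(s) else "deny")
            for s in samples]

if __name__ == "__main__":
    for referer, decision in report():
        print(f"{decision:5}  {referer}")
```

The Referer header is supplied by the client and may be absent, so this rule filters links followed by ordinary browsers; it is not an access control.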
