Hi,
I have a client running an anti-password sharing/hackin script on several of his domains, this script validates a user's login details against a common .htpasswd file. I did the apache update this morning and it broke this script. It seems that the script can no longer access the .htpasswd file that is residing on a different domain.
Is this by design in the new version of Apache? Or is there a workaround? This server is hosting a single client so cross-domain scripting security is not an issue. open_basedir protection was never enabled and cPanel still shows it as being not enabled. If I remove the script and use a simple .htaccess file referencing the .htpasswd file on the other domain, it works. Its only when the sript tries to access the .htpasswd file that it does not work. I tested it and if the script references a local .htpasswd file it works.
Maybe someone can suggest where else I can look??
thanks!
I have a client running an anti-password sharing/hackin script on several of his domains, this script validates a user's login details against a common .htpasswd file. I did the apache update this morning and it broke this script. It seems that the script can no longer access the .htpasswd file that is residing on a different domain.
Is this by design in the new version of Apache? Or is there a workaround? This server is hosting a single client so cross-domain scripting security is not an issue. open_basedir protection was never enabled and cPanel still shows it as being not enabled. If I remove the script and use a simple .htaccess file referencing the .htpasswd file on the other domain, it works. Its only when the sript tries to access the .htpasswd file that it does not work. I tested it and if the script references a local .htpasswd file it works.
Maybe someone can suggest where else I can look??
thanks!
