Re: [Ids-devel] IDS default install leaves admin accessible to everyone

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

I always check the security of any photo album I visit, and I've never seen
an insecure IDS installation (except for a site I run).  my server is
running RedHat as well, and I was too lazy to fix the settings, so I didn't
even upload the .htaccess file.   I'll prolly fix it tonight.  the site I
manage is the "Delaware Wing, Civil Air Patrol" site.

I love IDS, too...  just wish it had support for guest or user uploads.. I
guess I'll write some coding for it myself..  :)

Jerry Horn

----- Original Message -----
From: "Scott Gaskins" <sga...@nc...>
To: <mo...@mu...>
Cc: <ids...@li...>
Sent: Sunday, August 26, 2001 2:52 PM
Subject: [Ids-devel] IDS default install leaves admin accessible to everyone

John,

I just installed IDS and was in the process of trying to setup some
administative features when I noticed that, following all of your
instructions, I was able to access the admin page without having to put
in a password that I had created with htpasswd command.
I thought that this may be just a problem with my setup or installation,
so I went out to the example pages that you link from the
ids.sourceforge.net page and tried to access the admin pages for some of
those sites... and voila -- I could administer their pages at will!