User-agent: Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:1.7) Gecko/20040616
On 7/20/04 5:06 PM, johanna bromberg craig wrote:
This was originally a security thought, but I'm not sure our reasons
are valid anymore. I think our original logic was not wanting users to
turn off/on Cosign if an admin had made it on/off for a whole server,
but that might be spurious. Other members of the core cosign team feel
free to speak up and correct me if there was a more pressing issue and
I've just forgotten it. ;)
Did you want to use it in an .htaccess?
We were thinking of .htaccess usage, possibly for personal web pages,
though I think we came up with an alternative.
Does anyone? Is this something
people would like to see changed? Anyone have security thoughts on this
If "CosignProtected" could be classified as an authorization directive
(I don't know if that would be possible), then an admin could allow its
use by specifying "AllowOverride AuthConfig" as needed.