[NSRCA-discussion] Problems logging in to NSRCA Web Forum
Martin X. Moleski, SJ
moleski at canisius.edu
Wed Dec 29 07:52:24 AKST 2010
On 12/29/2010 11:44 AM, Robert L. Beaubien wrote:
> It would probably help a lot to use relative file names so that it
> wouldn't matter if they used www.nsrca.us or nsrca.us at all.
You are, of course, correct.
The exploit in December took advantage of .htaccess, where it is
not hard to put in a rewrite rule. My efforts to restore .htaccess
as part of our system hit a dead end and I have not gone back to
see whether I can revive it.
> Typing www.{domain} is a habit I have when typing a url.
Understood. I saw anomalies for more than a year because I had
a bookmark for nsrca.us with "www" in it. That's how I learned
that a cookie for "www.nsrca.us" does not substitute for one
given for "nsrca.us".
> Either that, or an automatic redirect when the wrong host header is
> received to the correct host header. I'm not sure how you would go
> about this using .PHP, but in .net it is simply a matter of using the
> Session_Start method in the global.asax, check the host header and
> redirect from there if necessary.
There may be a way to fix it in PHP, but that would involve
a "core hack" both in Joomla and in the Forum software. The
best place to catch it would be in a rewrite rule in .htaccess.
I'm not going to have time to play with that any time soon ...
Marty
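
The rewrite rule discussed in the message above, sketched as an added example that is not part of the original post or of the NSRCA site's configuration. It assumes Apache with mod_rewrite enabled, that nsrca.us (without "www") is the canonical host, and that the site is served over plain HTTP.

```apache
# Added example. Assumptions: mod_rewrite is available, the canonical
# host is nsrca.us, and the site is reached over http.
<IfModule mod_rewrite.c>
    RewriteEngine On

    # Leave requests that carry no Host header alone (HTTP/1.0 clients),
    # otherwise they would be redirected in a loop.
    RewriteCond %{HTTP_HOST} !^$

    # Act on any host name other than the canonical one, for example
    # www.nsrca.us, with or without an explicit port.
    RewriteCond %{HTTP_HOST} !^nsrca\.us(:[0-9]+)?$ [NC]

    # The target host is written out literally instead of being built
    # from HTTP_HOST, so a forged Host header cannot choose where the
    # visitor is sent. The query string is carried over automatically.
    RewriteRule ^ http://nsrca.us%{REQUEST_URI} [R=301,L]
</IfModule>
```

With this in place every session cookie is set for and returned to a single host name. Because .htaccess was the file abused in the December exploit, it is worth keeping it writable only by the site owner and comparing it against a known-good copy after any change.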