A PHP Error was encountered

Severity: 8192

Message: Methods with the same name as their class will not be constructors in a future version of PHP; Waterfall_Cache has a deprecated constructor

Filename: _common/waterfall_cache.php

Line Number: 47

A PHP Error was encountered

Severity: 8192

Message: Methods with the same name as their class will not be constructors in a future version of PHP; Cache_System has a deprecated constructor

Filename: _common/waterfall_cache.php

Line Number: 194

A PHP Error was encountered

Severity: 8192

Message: Methods with the same name as their class will not be constructors in a future version of PHP; Memcache_Cache_System has a deprecated constructor

Filename: _common/waterfall_cache.php

Line Number: 275

A PHP Error was encountered

Severity: 8192

Message: Methods with the same name as their class will not be constructors in a future version of PHP; Filesystem_Cache_System has a deprecated constructor

Filename: _common/waterfall_cache.php

Line Number: 440

A PHP Error was encountered

Severity: 8192

Message: Methods with the same name as their class will not be constructors in a future version of PHP; APC_Cache_System has a deprecated constructor

Filename: _common/waterfall_cache.php

Line Number: 628

Securing Your Web Pages with Apache Page 13

Securing Your Web Pages with Apache Page 13

By Ken Coar (Send Email)
Posted Jun 29, 2000


I've tried to address most of the common questions about Apache's security mechanisms that keep cropping up, but here are a couple I didn't cover (but which are still common):

Q:
How do I invalidate credentials? Someone has logged in to a protected page, but now wants to 'log out' so no-one else can use his browser window to access the page without logging in again. How do I make his browser forget the credentials that worked the first time?
A:
The simplest way is to redirect the client to a script that always returns a '401 Unauthorised' status, no matter what. That tells the client its credentials are invalid, so it should throw them away. To make this work, the script needs to be in the realm for which the credentials are being invalidated. The big disadvantage to this method is that the default client behaviour on getting a 401 status is to ask the user for new credentials -- so it's not a seamless operation. For a truly invisible invalidation of credentials, you need to remove them from the authentication database -- which means the user won't be able to log back in again. {sigh} It's not an easy thing to do; read the various discussions about it on the www-talk mailing list archives at the W3C.

Q:
How can I use the dbmmanage tool to manage an AuthDBMGroupFile database?
A:
In a word, you can't. At some point in the Apache 1.3 development cycle, the dbmmanage script was altered in such a way that it can now only deal with user files, and not with group files any more. This is a known deficiency, though, and hopefully the ability to handle group files will be added again to a release in the not-too-distant future.

Going Further

You can also find some documentation at the following URLs:

Conclusion


Thanks for your registration, follow us on our social networks to keep up-to-date