[support] www.mysite.net security hole for mysite.net?
Laura Scott
laura at pingv.com
Sat Jun 10 16:31:31 UTC 2006
Make sure your .htaccess file is being read. Then make sure you have
the correct redirect command uncommented.
If you're trying to run your www. domain as a different site than the
non-www. domain, then I don't know -- I've never tried that. But it
seems that either way site visitors will get Drupal's index.php.
Also, your admin session is saved in a cookie. That could be why
you're able to access the admin area.
If you want to do an off-line site before placing it at the root,
it's probably better to place it in a subdomain or subdirectory.
I hope this helps.
Laura
On Jun 10, 2006, at 10:16 AM, dondi_2006 wrote:
> Hello,
>
> please help me, this is serious.
>
> some days ago I started to build a new website with Drupal 4.7.2 on
> Linux
> + Apache.
>
> I configured everything ( DNS, Apache, Drupal...) to work ONLY when
> connecting to http://mysite.net. Or so I believed.
>
> ten minutes ago I decided to continue building my website. Without
> thinking,
> I typed in the browser www.mysite.net and got the drupal page (with
> default
> theme) saying, more or less, "hello, this is the first connection,
> so this
> account will be administrator with password ..... Please configure"
>
> If I click on configure, I go to the administration page and can
> screw the
> website without entering a password!
>
> At the same time, if I type in the browser http://mysite.net I get
> to the
> website I configured (theme, etc...) and I _have_ to log in to
> change things.
>
> What is this? An error of mine, a Drupal/apache bug, both? How can I
> set things so that www.mysite.net goes to mysite.net, without
> believing
> that is a first visit, and that anybody can hack the site?
>
> TIA,
> O.
>
> --
> [ Drupal support list | http://lists.drupal.org/ ]
>
More information about the support
mailing list