<html>
<body>
<FORM METHOD=GET ACTION="/cgi-bin/mycgi.cgi">
<h1>Welcome to the great rip-off of '97: Butterthlies Inc</h1>
<p>
All our worthless cards are available in packs of 20
at $1.95 a pack. WHAT A FANTASTIC DISCOUNT! There is an amazing
FURTHER 10% discount if you order more than 100.
</p>
</p> <hr> <p> Style 2315
<p align=center> <img src="bench.jpg" alt="Picture of a bench">
<p align=center> Be BOLD on the bench
<p>How many packs of 20 do you want?
<INPUT NAME="2315_order" TYPE=int>
<hr>
<p>
Style 2316
<p align=center>
<img src="hen.jpg" ALT="Picture of a hencoop like a pagoda">
<p align=center>
Get SCRAMBLED in the henhouse
<p>How many packs of 20 do you want?
<INPUT NAME="2316_order" TYPE=int>
<HR>
<p>
Style 2317
<p align=center>
<img src="tree.jpg" alt="Very nice picture of tree">
<p align=center>
Get HIGH in the treehouse
<p>How many packs of 20 do you want? <INPUT NAME="2317_order" TYPE=int>
<hr>
<p>
Style 2318
<p align=center>
<img src="bath.jpg" alt="Rather puzzling picture of a bathtub">
<p align=center>
Get DIRTY in the bath
<p>How many packs of 20 do you want? <INPUT NAME="2318_order" TYPE=int>
<hr>
<p align=right>
Postcards designed by Harriet@alart.demon.co.uk
<hr>
<br>
Butterthlies Inc, Hopeful City, Nevada 99999
</br>
<p><INPUT TYPE=submit><INPUT TYPE=reset>
</FORM>
</body>
</html>
We have to edit ...
/site.authent/htdocs/customers/index.html :
<html>
<head>
<title>Index to Butterthlies Catalogs<title>
</head>
<body>
<ul>
<li>
<A href="form_summer.html">Summer order form </A>
</ul>
<hr>
<br>
Butterthlies Inc, Hopeful City, Nevada 99999
</br>
</body>
</html>
And we also have to edit ...
/site.authent/htdocs/salesmen:
<html>
<head>
<title>Salesman's Index to Butterthlies Catalogs</title>
</head>
<body>
<ul>
<li>
<A href="form_summer_sales.html">Summer order form </A>
</ul>
<hr>
<br>
Butterthlies Inc, Hopeful City, Nevada 99999
</br>
</body>
</html>
All this works satisfactorily. When you access
www.butterthlies.com, you get the
customers' order form as before. When you go to
sales.butterthlies.com, you are told:
Enter username for darkness at sales.butterthlies.com
The realm name darkness was specified when we set
up the passwords. You enter bill
and then his password,
theft, and there you are with
the salespeople's order form. You can now experiment with
different require directives by stopping Apache
and editing conf/httpd.conf, then restarting
Apache with ./go and logging in again.
You may find that logging in again is a bit more elaborate than you
would think. We found that Netscape was annoyingly helpful in
remembering the password used for the last login and using it again.
To make sure you are really exercising the security features, you
have to get out of Netscape each time and reload it to get a fresh
crack.
You might like to try the effect of:
#require valid-user
#require user daphne bill
require group cleaners
#require group directors
or:
#require valid-user
require user daphne bill
#require group cleaners
#require group directors