httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mark J Cox <M.J....@bradford.ac.uk>
Subject Re: apache
Date Sat, 08 Apr 1995 09:51:08 GMT
On Fri, 7 Apr 1995, Brian Behlendorf wrote:
> Sort of like an AddDescription but set on a per-directory basis like 
> .htaccess... what about allowing AddDescription in .htaccess?

I (and several others who run Web sites) already have these description
files in a certain (standard) format.  The file consists simply of a line
per file containing the filename, any amount of whitespace, and the
description.

This format is read by quite a few GIF and JPG viewers too so its nice not
to have to convert it or add it to a .htaccess file.   See URL:
http://www.telescope.org/mwc/files.html for it in action.

> analysers could break.  Your change would probably not break those, but 
> anyone who does care about identd info is fuct.  

Agreed.  This sort of patch should not make it into a general release.

> (indeed, we have them here) where those who want to be able to edit the
> .htgroup file do not also have access to modify the password files.  

Well lets make a separate group DBM file for it then.  I would imagine
then that your 160,000 users are not in a default group?  Parsing a
standard .htgroup file with a few thousand entries takes forever.

Wish-list:

A way of storing an objects information in a separate file (things you
might find in the Head or Header like Expiry, Owner...).  Like the CERN
.meta files.  You could include a global realm here too (see below)
Disadvantage is you are adding another file to look for on each request. 

Global realms for password authentication.  You define a realm, (name, who
can access it, location of password file) and just have the realm name in
the .htaccess file.  Would make updating and management easier.  I think
CERN does something like this, and it allows you to say things like ".y"
extensions are only accessible by "XYZZX" realm. 

Host Authentication Fall-back.  If you use host authentication to limit
some documents locally you can provide a "fall back" document if the host
is not allowed.  I bodged something like this with a "-fail" extension. 
It the host was not allowed the -fail document was returned if it was
there.  If no -fail it failed as normal.  This could be something for
MultiViews

Mark
Mark J Cox ----------------------- URL:http://www.telescope.org/mark.html
University of Bradford, UK --------------- tel +44.1274.384070/fax 391333



Mime
View raw message