httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Roy T. Fielding" <field...@avron.ICS.UCI.EDU>
Subject Re: Patch to allow use of password file as auth DB (from USENET)
Date Mon, 08 May 1995 08:23:06 GMT
> What his patch does is permit people to say "AuthUserFile +" and then
> it will allow the use of NIS to find username-password information
> instead of special password files for httpd.

Ummmm, just to pick a little nit, this is a really bad idea from
the point of security.  The Basic AA is bad enough, but to encourage
users to pass their real system passwords through HTTP en claire is
quite irresponsible.


View raw message