httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Brian Behlendorf <br...@organic.com>
Subject Re: WWW Form Bug Report: ".htaccess" on UltrixNeXT (fwd)
Date Thu, 29 Feb 1996 02:33:37 GMT
On Wed, 28 Feb 1996 rasmus@madhaus.utcs.utoronto.ca wrote:
> > I think I've heard this request before in a less colorful
> > manner.  The scenario is one where a person wishes to be
> > certified as a member of a particular group and then be
> > given access to information across several different servers.
> 
> It shouldn't be too hard to set this up using the msql-based
> authentication module for Apache.  Just have a central mSQL server
> and have the remote leaf servers point its authentication modules
> at the central server.  mSQL will take care of the rest.  No code
> changes needed, except perhaps a trivial change in the msql authen
> module to make sure the msqlConnect() call can somehow be supplied
> a hostname to connect to.

The problem, of course, is that such a system addresses *none* of his 
concerns, in fact it only makes most of them worse.  In this case, the 
".gov" conspiracy only needs to grab this central password database 
machine, and the whole "cloud" comes down.  Secondly, if access logs were 
grabbed from different sites, usernames will match between sites and one 
could easily tell where a given individual went across those sites.  Very 
bad.  

	Brian

--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--
brian@organic.com  brian@hyperreal.com  http://www.[hyperreal,organic].com/


Mime
View raw message