Received: by taz.hyperreal.com (8.6.12/8.6.5) id SAA19907; Wed, 28 Feb 1996 18:30:27 -0800
Received: from fully.organic.com by taz.hyperreal.com (8.6.12/8.6.5) with ESMTP id SAA19901; Wed, 28 Feb 1996 18:30:25 -0800
Received: (from brian@localhost) by fully.organic.com (8.6.12/8.6.12) id CAA01919; Thu, 29 Feb 1996 02:33:37 GMT
Date: Wed, 28 Feb 1996 18:33:37 -0800 (PST)
From: Brian Behlendorf
To: new-httpd@hyperreal.com
cc: new-httpd@hyperreal.com
Subject: Re: WWW Form Bug Report: ".htaccess" on UltrixNeXT (fwd)
In-Reply-To:
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-new-httpd@apache.org
Precedence: bulk
Reply-To: new-httpd@hyperreal.com

On Wed, 28 Feb 1996 rasmus@madhaus.utcs.utoronto.ca wrote:
> > I think I've heard this request before in a less colorful
> > manner. The scenario is one where a person wishes to be
> > certified as a member of a particular group and then be
> > given access to information across several different servers.
>
> It shouldn't be too hard to set this up using the msql-based
> authentication module for Apache. Just have a central mSQL server
> and have the remote leaf servers point its authentication modules
> at the central server. mSQL will take care of the rest. No code
> changes needed, except perhaps a trivial change in the msql authen
> module to make sure the msqlConnect() call can somehow be supplied
> a hostname to connect to.

The problem, of course, is that such a system addresses *none* of his
concerns, in fact it only makes most of them worse. In this case, the
".gov" conspiracy only needs to grab this central password database
machine, and the whole "cloud" comes down. Secondly, if access logs
were grabbed from different sites, usernames will match between sites
and one could easily tell where a given individual went across those
sites. Very bad.

	Brian

--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--
brian@organic.com  brian@hyperreal.com  http://www.[hyperreal,organic].com/