httpd-dev mailing list archives

Subject Re: Authorization checking
Date Wed, 10 Apr 1996 20:38:10 GMT
>   AddType text/x-php-includes php
>   Action text/x-php-include /cgi-bin/php
> This makes the server handle requests for say /some/dir/foo.php as follows:

This is how most people currently run php with Apache, NCSA and Netscape.
I wrote a patch to let NCSA httpd do this, and I wrote an NSAPI module
to do it with Netscape.  For Apache, people download the 78b patch which
allows mod_actions to work correctly with the 1.0.x servers.  These are
all available at if anybody is interested.

> The hole in this scheme, at present, is that the client can still
> request /cgi-bin/php/some/dir/foo.php directly, bypassing the access
> checks --- but doing something about that strikes me as a better
> approach than opening the whole auth-within-CGI morass.  After all, do
> you *really* want to duplicate the server's entire access-check
> machinery within php?

No, I want to extend it.  I want all the normal .htaccess stuff done by
Apache, but I would like to be able to do the user/password authentication
in a .php file, which I cannot do unless I can somehow get a hold of the
password coming from the browser.

Rasmus Lerdorf
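
One way to close the direct-request hole described in the quoted text, as an added example that is not code from this thread or from php: the CGI refuses to run unless the server marked the request as an internal redirect. It assumes the server sets REDIRECT_STATUS on internal redirects (current Apache httpd does, and PHP's later cgi.force_redirect setting relies on the same variable); `gate_request` is a hypothetical name.

```c
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical guard for a CGI interpreter that is mapped with Action.
 *
 * A direct request for /cgi-bin/php/some/dir/foo.php and an Action
 * redirect for /some/dir/foo.php both reach the CGI with the same
 * PATH_INFO and PATH_TRANSLATED, so those cannot tell the two apart.
 * Assumption: the server exports REDIRECT_STATUS only after an internal
 * redirect, i.e. after it ran its access checks on the original URL.
 * Request headers reach a CGI as HTTP_* variables, so a client cannot
 * supply REDIRECT_STATUS itself.
 *
 * redirect_status: value of REDIRECT_STATUS, or NULL if unset.
 * path_translated: value of PATH_TRANSLATED, or NULL if unset.
 * Returns the HTTP status to answer with:
 *   200 = go on and interpret path_translated
 *   403 = script URL was requested directly, refuse
 *   400 = redirected, but there is no file to interpret */
int gate_request(const char *redirect_status, const char *path_translated)
{
    if (redirect_status == NULL || redirect_status[0] == '\0')
        return 403;
    if (path_translated == NULL || path_translated[0] == '\0')
        return 400;
    return 200;
}

int main(void)
{
    const char *target = getenv("PATH_TRANSLATED");
    int code = gate_request(getenv("REDIRECT_STATUS"), target);

    if (code != 200) {
        /* Answer before touching the target file at all. */
        printf("Status: %d\r\nContent-Type: text/plain\r\n\r\n", code);
        printf("This handler only runs through the server's Action mapping.\n");
        return 0;
    }
    printf("Content-Type: text/plain\r\n\r\n");
    printf("would interpret %s\n", target);
    return 0;
}
```
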
