httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
Subject Re: How to authorize everyone?
Date Thu, 25 Jul 1996 05:16:12 GMT
>   I am not too concerned about CGI stuff.  As long as it can be done
>   through mod_php, that is more than enough.
> I understand that --- the point was that if (a thinly modified) mod_cgi
> can do this without requiring any support from the auth machinery, then
> it seems to me that mod_php should be able to do the same thing.

Yes, it was easy, as you predicted.  My earlier confusion was completely
due to me not having done my basic homework on the subject.  I now make
the auth_user, auth_pw and auth_type available to PHP/FI scripts parsed
by mod_php, but only if the URI is not authenticated by an external 
mechanism.  I think that should prevent people from writing scripts that
try to discover peoples' passwords.

(Are you ever wrong about anything?)


View raw message