httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Alexei Kosut <ako...@organic.com>
Subject Re: Apache module for system database-based authentication
Date Thu, 11 Jul 1996 21:39:27 GMT
On Thu, 11 Jul 1996, Tony Sanders wrote:

> That is, it uses /etc/passwd and /etc/group.  This is useful for
> building private webs.

But potentially dangerous. I'd stick big warning labels all over it. HTTP
Basic authentication sends passwords basically in the clear. If you're
using the passwords from /etc/passwd, this means anyone with a packet
sniffer can read your username and password, and break right into your
system.

> To enable it you add:
>         AuthSYSPWEnable enable
> to the appropriate config file (usually access.conf).
> [suggestions in this area are welcome, I wasn't sure how to do a boolean
> without having to write more code than it warrented]

Use a dispatch type of "FLAG". It will call your command function with an
int argument, either 0 or 1.

-- Alexei Kosut <akosut@organic.com>            The Apache HTTP Server 
   http://www.nueva.pvt.k12.ca.us/~akosut/      http://www.apache.org/



Mime
View raw message