httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Dean Gaudet <>
Subject Re: Fwd> Question regarding mod_auth_sys
Date Thu, 15 May 1997 18:57:57 GMT
It's easy to change file ownership on sysv-style systems that let you
"chown away" a file.  IRIX for example (unless you systune it off).


On Thu, 15 May 1997 wrote:
> The way I have suggested that people handle this in the past is to make a
> change to the mod_php Header() function to make it prepend the user id
> of the owner of the .html file containing the script to the realm.  This
> way, on a shared server, the person trying to grab passwords would have to
> change the ownership of his/her grabber script to match someone else's, or
> in the case of a mod_auth_sys authenticated page, the realm would never
> match.

View raw message