httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Dean Gaudet <dgau...@arctic.org>
Subject interesting mod_auth, mod_auth_dbm differences
Date Fri, 24 Oct 1997 06:32:56 GMT
I was just comparing mod_auth:check_user_access and
mod_auth_dbm:dbm_check_auth. 

mod_auth doesn't handle it's authoritative setting correctly if there is a
"require group" setting and it can't open its group file.  It will let
things continue on.  This is a security problem. 

mod_auth_dbm does a lot of needless reopening and reading of the group
file if there are multiple groups. 

There are other tiny differences. 

Naturally the correct solution is beyond the scope of 1.3.  The correct
solution is to abstract the database lookup and have a single auth module
and multiple db modules. 

Dean



Mime
View raw message