httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Nick Kew <>
Subject Re: apache mod_dbd/htaccess
Date Thu, 01 May 2008 11:10:18 GMT
On Thu, 1 May 2008 16:53:14 +1000 (EST)
Res <> wrote:

> Hi,
> I have a request for a feature in Apache.
> Basically I was wondering if it could include the ability to use 
> AuthBasicProvider, AuthDBDUserPWQuery etc in a .htaccess file, like
> we can place in a directory block.

Isn't the documentation clear about this?  Hmmm, I'm sure I
wrote something, but it's not in the primary docs.

> Perhaps this was already looked at and discarded as a serious
> performance impact?

That's the lesser of two reasons.  The more important one is
that it introduces a whole new raft of security issues:
 * malicious users introducing SQL injection attacks through htaccess
 * naive users opening the way to ditto

Then there's the problem that combines both the above:
Prepared Statement implementations vary widely across database
engines, and in some cases are not good for once-only use.

Nick Kew

Application Development with Apache - the Apache Modules Book

View raw message