httpd-modules-dev mailing list archives

From Nick Kew <n...@webthing.com>
Subject Re: make use of fs ACLs
Date Tue, 05 Jun 2007 10:47:31 GMT
On Mon, 4 Jun 2007 18:06:22 +0200
Peter Somogyi <psomogyi@gamax.hu> wrote:

> Hi,
> 
> We would like to have an autoindex-like file serving functionality of
> the Apache web server that avoids usage of .htaccess files, but uses
> filesystem's ACLs instead. Moreover we don't want to require wwwrun
> to be allowed in every file/dir ACLs.
> 
> For authentication we'd use e.g. mod_auth_external + pwauth.

Please read up on why that's a huge security hole (I think it's
described somewhere in Apache's own documentation).

> a newly written tool
> which _becomes_ the authenticated user and lists directory content.

That's what suexec (and its many cousins) are for.

-- 
Nick Kew

Application Development with Apache - the Apache Modules Book
http://www.apachetutor.org/
