httpd-users mailing list archives

From zeno <z...@cgisecurity.net>
Subject Re: [users@httpd] refering url authentication
Date Wed, 29 Jan 2003 21:02:22 GMT

Doing authentication by referer is very bad and should never be done. It is very easily faked.
One way you could do this (if I'm properly understanding you) is to do authentication
by hosts with htaccess.

Add something like this inside your htaccess file

allow from 10.0.0.1

This way your other webserver (which I am assuming is passing data to webserver 1) can easily
log in. If you are talking about having 1 user visit 2 sites you can write a script to add
and remove entries from a htaccess file with the allow from option. If both sites are on the
same machine then simply have them use the same htaccess file.


- zeno@cgisecurity.com



> 
> I'm wondering if there is any way to make this work
> 
> 
> I have an existing site on an Apache server using a .htaccess
> authentication.
> Now I have a new site that has its own .htaccess authentication.  But I
> also want site 2 to be able to access site 1 without logging into site
> 1.
> 
> Anybody have an idea how to do this?
> 
> 
> John Lord(lord@allturbo.com)
> It Manager
> AllTurbo Internet Services Inc
> 410-213-9388 Office
> pageme@allturbo.com Pager
> www.allturbo.com
> 
> 
> 
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>    "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
> 
> 
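
The script suggested in the reply above, for adding and removing `allow from` entries in an htaccess file, could look like the following. This is an added example, not part of the original message; the function names, the sample file contents and the 192.0.2.10 address are assumptions made for illustration.

```python
import ipaddress
import os
import tempfile

# Constructed sample .htaccess; only the last line comes from the message above.
SAMPLE = "order deny,allow\ndeny from all\nallow from 10.0.0.1\n"


def _entry(host):
    # ip_address() accepts only one literal IP, so input such as
    # "10.0.0.2\nallow from all" raises ValueError instead of reaching the file.
    # (Apache 2.4 writes this rule as "Require ip <addr>".)
    return f"allow from {ipaddress.ip_address(host.strip())}"


def add_host(text, host):
    """Return text with exactly one 'allow from <ip>' line for host."""
    line = _entry(host)
    lines = text.splitlines()
    if line not in (l.strip().lower() for l in lines):
        lines.append(line)
    return "\n".join(lines) + "\n"


def remove_host(text, host):
    """Return text without the 'allow from <ip>' line for host."""
    line = _entry(host)
    kept = [l for l in text.splitlines() if l.strip().lower() != line]
    return "\n".join(kept) + "\n"


def update_file(path, host, remove=False):
    """Rewrite path atomically so Apache never reads a half-written file."""
    with open(path, encoding="utf-8") as fh:
        old = fh.read()
    new = remove_host(old, host) if remove else add_host(old, host)
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(os.path.abspath(path)))
    with os.fdopen(fd, "w", encoding="utf-8") as fh:
        fh.write(new)
    os.chmod(tmp, os.stat(path).st_mode & 0o777)  # mkstemp defaults to 0600
    os.replace(tmp, path)
    return new


if __name__ == "__main__":
    print(add_host(SAMPLE, "192.0.2.10"), end="")
```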

