httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Tom Ray" <...@blazestudios.com>
Subject Re: [users@httpd] Password protecting access to whole web site without .htpasswd file
Date Thu, 16 Jan 2003 17:02:27 GMT
If you can't use .htaccess to protect the directory, you're probably going
to have to use some sort of PERL or PHP script to do this. Have a login
page that when submit compares against either a flat file or a database
that has a username and password stored in it.

Currently, I'm using a flat file system that has the same layout of a
password file created by htpasswd user:password and I use crypt() to
encrypt the passwords in the file, then when the user submits the form I
run the password the user supplied through crypt() and compare it to the
entries in the flat file. But I only have one or two users that hit this
area and the data isn't really that important that getting hacked would
make a big deal.

-----Original Message-----
From: Neil Marjoram <n.marjoram@vam.ac.uk>
To: users@httpd.apache.org
Date: 16 Jan 2003 16:19:05 +0000
Subject: [users@httpd] Password protecting access to whole web site
without .htpasswd file

> Hello, 
> 
> I wonder if anyone can help me. I need to secure a web site against
> access by unauthorised users - which may at first seem simple but my
> web
> server is just acting as a proxy to get at another web server inside
> the
> firewall.
> 
> I am using ProxyPass statements to pass the request to the internal
> server, one of which is for /. This means I am unable to place the
> usual
> .htpasswd files in the directories to secure the contents.
> 
> Anyone any ideas?
> 
> Apache version 1.3.27 on RedHat.
> 
> Thanks,
> 
> Neil.
> -- 
> Neil Marjoram <n.marjoram@vam.ac.uk>
> Victoria & Albert Museum
> 
> 
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server
> Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>    "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message