httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Andres" <eetas...@online.ee>
Subject [users@httpd] Best way for authentication from CGI script
Date Sun, 06 Apr 2003 19:05:59 GMT
I have a table (dbf file)  which contains user names and passwords and other
fields.

I have a CGI web application from other web server which implements http
basic authentication using this table. It reads user name and password from
a http request. It uses authenticates user name to show resources allowed
for this user. I desided to port this app to Apache.

Since basic authentication info is not passed by Apache to a CGI app, I need
to change this app
authentication method to something other which is Apache compatible.

I use SSL protocol.
I don't want to change the application to pass user name and password as
hidden form variables or query string parameters: those can be read by
intruder since pages are cached in a local disk.
Also, I cannot use temporary cookie since this may be disabled.
My CGI app can read and delete users and this is difficult to syncronize
this table with apache users table.

Which is the best method to convert this web appl authentication to Apache ?


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message