httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Robert Andersson" <rob...@profundis.nu>
Subject Re: [users@httpd] Reposting of Question: Setting Up User Authentication For An Entire Site
Date Fri, 15 Aug 2003 13:44:00 GMT
Kaplan, Andrew H wrote:
> The idea is when a user brings up the website on his/her browser,
> he/she will be immediately prompted for a password. Once that is provided,
> the user will have access to the various sections of the site that have
> been set up. I was planning on using the .htaccess file for the passwords,
> and configuring the httpd.conf file so that password authentication will
take
> place at the root of the Documents directory.
>
> Is this the way to go? Thanks.

Yes, with a few comments.

* Are you satisfied with the very low security inherent in Basic
  Authentication? If sensitive information is going to travel the pipe, you
  might want to use SSL in addition to Basic Auth.

* If you are going to have a lot (100+) user, it would be wise to use
  another method.

* As I see it, there is no reason for using an .htaccess file; configure the
  authentication directly in httpd.conf and refer to a password file (which
  is not an access file, many seems to mix the two).

Regards,
Robert Andersonn


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message