httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Laura Vance <>
Subject Re: [users@httpd] users sharing username/password
Date Fri, 25 Jun 2004 14:12:18 GMT
Hello Byrd,

The problem with users sharing passwords is that it will never stop.  
There is also no way to prevent it unless you get a type of biometric 
reader (i.e. fingerprint reader) for your login validation.  One way to 
make it less likely is to restrict specific logins to specific IP 
addresses.  The side effect of this is that users will not be able to 
login from anywhere but their own desk.

The best way to lessen this problem is to have strict company policies 
about this and make sure they are enforced.  Let people know that their 
jobs could be at stake if someone else is using their password and does 
something to get them in trouble.  Essentially they are giving the 
individual a sort of computer-based power of attourney to act on their 

I'm sorry I can't offer any help on your proposed solution.  The 
solution that I use here is software based and logs to a database 
backend.  It allows me to see who logs in at what computers and who does 
what in the system.  If some piece of data gets changed and they know 
approximately when it got changed, I can examine the logs and see who 
was in that record at that time.  It also shows the IP so we can tell if 
it was at the users machine or not.  We have no need to restrict logins 
to specific IPs, but people have been fired because of things that their 
login did.  It's a wonderful deterrant.

Byrd Harrison wrote:

>Please help,
>Problem - users sharing username/password
>Solution - Authenticate user by comparing cookie value(from previous visit) with variable
set using regex thru SetEnvIf > Apache mod_access > .htaccess
>Am I on the right track?
>Please recommend modules and methods
Laura Vance
Systems Engineer
Winfree Academy Charter Schools, Data-Business Office
1711 W. Irving Blvd. Ste 310
Irving, Tx  75061

The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:> for more info.
To unsubscribe, e-mail:
   "   from the digest:
For additional commands, e-mail:

View raw message