httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Joshua Slive <jos...@slive.ca>
Subject Re: [users@httpd] path
Date Tue, 24 Jan 2006 19:15:17 GMT
On 1/24/06, info. raa <info@raa.adv.br> wrote:
> Thanks for the reply.
> It is really a security measure, since i'm developing an erp with mysql.
> Do you know how it is done? I dont want to bookmark any pages or so.
> Your last solution works right away. Thanks.

Why shouldn't they be able to bookmark pages?  I hate web apps that
force things like that on me.  At worst, you should just use a session
id in the url and redirect to an intro page if the session is expired.

> Can i ask some other thing?
> Is there anyway to prevent the same user/password to be accepted by the
> server. Or one setup of user/password can be use like for 10 people or
> so?

Using HTTP Basic auth?  No.  There are no such controls in apache. 
You'd need to monitor the logs and lock out abused accounts.

If you are rolling your own sessions (using cookies of some kind),
then it is up to your application to track this.

Joshua.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message