httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Tomas Larsson" <to...@tlec.se>
Subject RE: [users@httpd] File permissions in an Apache enviroment
Date Sun, 06 Jan 2008 22:14:58 GMT
> -----Original Message-----
> From: jslive@gmail.com [mailto:jslive@gmail.com] On Behalf Of 
> Joshua Slive
> Sent: Sunday, January 06, 2008 4:13 PM
> To: users@httpd.apache.org; tomas@tlec.se
> Subject: Re: [users@httpd] File permissions in an Apache enviroment
> 
> On Jan 6, 2008 3:04 AM, Tomas Larsson <tomas@tlec.se> wrote:
> > Well, the problem is I cant put the username and the 
> password in the 
> > url, http://user:passw@mydomain/scriptdir/script is not 
> allowed, thats 
> > the reason why I cant use .htpasswd to protect the dir.
> 
> That's a client restriction and has nothing to do with apache.

Yes I know, it's the way may hosts "CRON-job" implementation works.


> 
> > If it wasn't for this restriction I would be able to use 
> .htpasswd w/o 
> > any problem.
> > so-far Ive put 100 on the dir, and I have done some simple checks, 
> > like I cant wget anything from the dir, if I wget an 
> existing filename 
> > I get 0 bytes.
> 
> You can use Order/Allow/Deny to restrict by IP address. Other 
> than that, you need to specify how you expect to 
> differentiate between you authorized and unauthorized users.
> 
> Joshua.
Basically it is a MySQL backup-script written in PHP.
It is called by the "CRON-implementation" my host has.
It works by calling my virtual server with the url to the directory with the
script and the script itself, ie http://mydomain/scriptlocation/script.php
Obviously, doing it this way it is sort of open for the "general public"
provided that they know what to look for.
So obviously I don't want anyone else to go into it.
It should only be accessible for the Cron-command.
I guess that I need to implement some sort of password-control in the script
itself, but I want the directory totaly safe from anybody else.

With best regards

Tomas Larsson
Sweden
http://www.tlec.se
http://www.ebaman.com

Verus Amicus Est Tamquam Alter Idem


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message