httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Chris Africa <cafr...@umich.edu>
Subject [users@httpd] protecting php controller paths
Date Thu, 14 Aug 2008 13:35:14 GMT
We are using an MVC framework to develop PHP applications. We have  
Apache handling requests via the PHP module, Cosign for  
authentication, and .htaccess for authorization.

Up to a few months ago, we developed/deployed our applications with  
Zope, which handled both authentication and authorization internally  
-- so this is new territory for us all around.

One of our apps has 4 views, to be made accessible to 4 separate  
groups of people. The developer integrated all the interfaces behind a  
single controller, which makes complete sense from a development  
standpoint, but now I can't figure out how to restrict access to the  
views.

Accessing http://fakey.site.edu/student gets you the student.php file  
which points to the index.php controller. Attempts to restrict / 
student or /student.php with either <Directory> or <Location> are  
ignored (which makes sense, since these are neither directories nor  
locations). What do I need here?

My hack was to copy his code into 4 separate directories and eliminate  
key pieces in each one so that I can restrict by actual directory. But  
this is really hacky and not maintainable.

Many thanks for any help you can give!

--
Chris Africa
Web Project Manager
Department of Mechanical Engineering
University of Michigan
734-764-8482
Fridays: 734-730-6221
AIM/iChat/Skype ID: baiewola


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message